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In  this  issue,  the  third  in  a  six-part  New  Data  Center  series 
we  investigate  next-generation  storage  technologies  and 
advanced  infrastructure.  Starts  after  page  50 
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$100  laptops? . . .  Not  yet 

One  Laptop  Per  Child  pro¬ 
ject  forging  ahead, 
despite  growing  pains. 

BY  MARTYN  WILLIAMS,  IDG 
NEWS  SERVICE 

On  a  desk  in  a  messy  office 
on  the  eighth  floor  of  a 
building  opposite  the 
Massachusetts  Institute  of  Tech¬ 
nology  sits  a  circuit  board  that 
might  just  transform  education 
for  millions  of  kids  around  the 
world. 

The  board  is  the  first  prototype 
hardware  for  the  ambitious  One  Laptop  Per  Child  (OLPC)  project, 
a  nonprofit  effort  announced  in  January  2005  and  launched  by  a 
group  of  MIT  Media  Laboratory  faculty  Led  by  Nicholas  Negro- 
ponte,  chairman  of  OLPC  and  a  co-founder  of  the  MIT  Media  Lab, 

See  OLPC,  page  91 


Nicholas  Negroponte  shows  an 
early  model  of  the  $100  laptop. 


Microsoft  tries  to  sell 
two-tiered  grand  vision 


BY  JOHN  FONTANA 

Microsoft’s  Chief  Software  Architect  Bill  Gates,  who 
last  week  hosted  his  10th  annual  CEO  Summit,  used 
his  keynote  address  to  show  how  search  features 
being  developed  in  Office  SharePoint  Server  2007 
and  Windows  Vista  will  integrate  with  a  new  desktop 
version  of  Windows  Live  Search  and  the  MSN 
Internet  service  of  the  same  name. 

The  company  is  reacting  to  challenges  presented 
by  Google  and  Yahoo,  the  rise  of  Web  2.0  technolo¬ 
gies,  the  concept  of  Web-based  services,  and  how 
these  new  technologies,  such  as  near  real-time 
upgrades,  are  exposing  the  limitations  of  packaged 
software. 

The  company  says  the  digitization  of  everything 
from  business  transactions  to  maps  is  quickly  chang¬ 
ing  the  way  people  work,  and  is  fostering  a  combi¬ 
nation  of  software  and  services  that  will  define  the 


next  generation  of  corporate  productivity 

Microsoft  plans  to  offer  a  single  interface  that  re¬ 
turns  data  collected  from  the  desktop,  intranet  and 
Internet,  and  infuse  it  with  workflow  and  other  tech¬ 
nologies  so  users  can  act  on  search  results. 

Gates  also  debuted  two  SharePoint  products,  the 
SharePoint  Search  Server,  a 
pure  search  engine,  and 
Knowledge  Network,  an  add¬ 
on  that  helps  people  find 
experts  on  topics  they  are 
researching. 

“The  idea  is  taking  one,  basic  drivetrain  that  all 
these  things  fit  into,”  Gates  said.“You  get  this  cycle  of 
decisions,  actions,  finding  insight,  you  get  those 
things  feeding  on  each  other,  and  people  in  a  bot- 
toms-up  way  get  involved  in  these  processes.”  Gates 

See  Microsoft,  page  16 


I  Start-ups  target 
backup  and  protec¬ 
tion  of  Microsoft 
applications.  Page  8. 


Security  expert 
offers  advice 

Purdue  University’s  Eugene 
Spafford  on: 

•  Security  through  diversity  of  IT  and 
network  technologies. 

•  How  VoIP  and  wireless  can  make 
networks  vulnerable. 

•  The  next  big  threat.  Pa£e  19. 
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Q  Internet  |  Security  |  Systems* 

Ahead  of  the  threat 


Gartner  analyst 
Resist  Gig  Ethernet 


BY  PHIL  HOCHMUTH 
AND  JIM  DUFFY 

Is  Gigabit  Ethernet  a  waste  of 
your  money? 

An  analyst  last  week  told  enter¬ 
prise  IT  and  network  profession¬ 
als  they  will  toss  away  more  than 
$10  billion  on  Gigabit  Ethernet 
LAN  gear  over  the  next  two  years 
that  would  be  better  spent  on 
technologies  designed  to  sup¬ 
port  increasingly  distributed 
workforces. 

“The  majority  of  network  design¬ 
ers  continue  to  be  caught  in  tradi¬ 
tional  design  practices,”  said  Mark 
Fabbi,  Gartner  vice  president  and 
distinguished  analyst,  speaking  at 
the  company’s  Symposium/ITxpo 


in  San  Francisco.  “They  continue 
to  spend  money  on  bigger  and 
faster  core  networking  technolo¬ 
gies  at  their  headquarters  and 
large  locations  that  don’t  actually 
serve  the  user  population.” 

Fabbi’s  claim  is  something  of  a 
new  twist  on  the  old  “throw  band¬ 
width  at  the  problem  vs.  using 
QoS  and  other  techniques  to  fit 
bandwidth  to  application  de¬ 
mands”  debate.  The  analyst 
argued  that  most  corporate  appli¬ 
cations  —  even  videoconferenc¬ 
ing  and  VoIP  —  do  not  require 
more  than  a  few  hundred  kilobits 
per  second  of  bandwidth. 

“Astute  network  managers  will 
See  Gartner,  page  14 


Phishing  attacks  hit 
all-time  high  as 
organized  criminals 
unleash  armies  of 
botnets  to  steal 
confidential 
information. 

Page  40. 


See  Page  11  to  Learn  More! 
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_THE  INVASION 

_DAY  16:  These  servers  are  so  hot,  we’re  running  the  AC  at  full 
blast,  and  the  thermometer  is  still  pushing  140°  Had  to  relax 
the  dress  code  in  the  server  room.  No  choice.  It’s  towels  and 
flip-flops  until  we  get  this  heat  problem  under  control. 

_Gil  says  he’s  lost  a  lot  of  weight.  I  hadn’t  noticed. 

_DAY  17:  I  found  a  cooler  answer  to  our  heat  problem:  the  IBM 
BladeCenter®  with  Intel®  Xeon®  Processors  reduces  the  overall 
amount  of  power  required  by  the  system.  The  BladeCenter  is 
designed  to  respond  automatically  to  power  events  and  can  use 
up  to  37%  less  energy1.  Less  power.  Less  heat.  Less  money.  Less 
stress. 

_0h,  apparently  HR  had  a  problem  with  the  dress  code  but  couldn’t 
call  and  tell  us,  since  the  phones  had  melted. 


IBM.COM/TAKEBACKCONTROL/BLADE 


STABILITY 


If  there's  one  constant  in  business  today,  it's  change. 
But  large  or  small,  internal  or  external,  change 
doesn't  have  to  impede  IT  service  delivery.  Think  of 
change  as  an  opportunity  for  IT  to  satisfy  fluctuating 
demand  while  maintaining  a  stable,  productive  work 
environment.  With  integrated  CA  software  solutions 
for  service  management  and  service  availability,  you 
can  unify  and  simplify  the  way  you  manage  complex 
IT  services  across  the  enterprise.  Anticipate  and 
prioritize  shifting  demand.  Automate  processes  to 
ensure  timely  delivery  and  reliability  of  service.  And 
leverage  industry  best  practices  such  as  ITIL.  It's  all 
possible  with  our  unique  approach  to  managing 
technology  called  Enterprise  IT  Management  (EITM). 
To  learn  more  about  how  CA  solutions  can  stabilize 
change  to  create  a  true  service-driven  IT 
environment,  visit  ca.com/deliver. 
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News 

8  Lotus  fires  back  at  Microsoft’s  Notes  rhetoric. 

8  Start-up  zeroes  in  on  Microsoft  backup  and  storage  for 

small  to  midsize  businesses. 

10  Nortel:  Enterprise  still  key  to  rebound. 

10  Nortel  adds  IPS  feature  to  application  switch. 

12  Open  source  role  at  Sun  remains  murky. 

13  Reflexion  adds  traditional  spam  blockers. 

14  Emergency  remote  access  made  more  affordable. 

16  Start-up's  software  targets  internal  threats. 

19  Security  expert  recommends  net  diversity. 


In  this  issue,  the  third  in  our  six-part  New  Data 
Center  series,  we  investigate  next-generation  storage 
technologies  such  as  automated  storage-area  net¬ 
work  management  and  continuous  data  provisioning 
tools,  as  well  as  delve  into  a  host  of  other  advanced 
infrastructure  issues.  We  also  take  a  look  at  how  two 


Net  Infrastructure  Technology  Update 


firms,  MB  Financial  Bank  and  CitiStreet,  have 


21  Open  source  automates  college 
network  security. 

21  Foundry  adds  Snort  to  LAN 
switch. 

22  Mike  Rothman:  You  say  you 

want  a  security  revolution. 

Enterprise  Computing 

24  Wireless  fosters  'real-time' 
mind-set. 

24  Sun,  HP  make  changes. 

Application  Services 

25  Webify  looks  to  manage 
application  services. 

25  BMC  Software  expands  reach 
of  configuration  product. 

28  Scott  Bradner:  Patents:  Don't 
just  say  'no'. 

28  Oracle  takes  aim  at  SAP  cus¬ 
tomers  with  R/3  applications. 

30  SPECIAL  FOCUS:  AJAX  offers 
corporate  challenges,  chances. 

Service  Providers 

33  Johna  Till  Johnson: 

NSA-linked  carriers  face  tough 
issues. 

33  Qwest  to  expand  reach  with 
OnFiber. 

33  Skype  chief  promises  more  for 
business  customers. 

COOL  TOOLS 

The  RTX  Dualphone  lets  you 
make  Skype  calls  and  regular 
PSTN  calls.  Page  36 


35  Synchronous  mesh  offers 
scalability. 


embraced  New  Data  Center  technologies.  Our  special 


35  Steve  Blass:  Ask  Dr.  Internet. 


coverage  begins  after  Page  50. 


36  Mark  Gibbs:  Taking  computers 
under  water. 

36  Keith  Shaw:  Cool  tools,  gizmos 
and  other  neat  stuff. 


Opinions 


38  On  Technology:  Job  skills  for 
the  new  IT. 


39  Ken  Presti:  Managed  services: 
Words  to  the  wise. 

39  Thomas  Nolle:  Market  mass 
or  open  standards? 

92  BackSpin:  ICANN,  crashed  in  the 
cranium. 


92  'Net  Buzz:  Google  beats  porn 
...  but  not  sex. 


Management 
Strategies 

86  Betting  on  soft- 
ware-as-a-service: 

Peter  Ross,  of 
staffing  firm  Vedior, 
handed  over  core 
systems  to  a  hosted  software 
provider, 


Sport  phishing  morphs 

into  cyhercrime  wave 

Organized  criminal  groups  are  unleashing  armies  of  botnets  to 
steal  confidential  information.  And  they're  using  increasingly 
sophisticated  phishes  involving  Trojan  horses,  keyloggers  and 
browser  redirectors.  Page  40. 

Clear  Choice  Test: 

Terabyte-sized  NAS  appliances 

Anthology's  toaster-sized  Yellow  Machine  burns  the  competi¬ 
tion  in  our  test  of  five  NAS  boxes.  Page  44. 
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ITVideo:  Securing  SIP 

As  Session 
Initiation  Protocol 
is  starting  to  make 
inroads  into  the 
enterprise,  new 
SIP  security  threats  are  rearing 
their  ugly  heads.  How  do  you  fight 
them?  Covergence  CEO  Bob  O'Neil 
explains  in  this  week's  Hot  Seat. 
DocFinder:  3549 

Bluetooth  to  serial  adapters 

Test  Alliance  member  Joel  Snyder 


shows  off  new  Bluetooth-to-serial 
adapters  from  lOGear  and  Blue 
Console,  which  allows  network 
administrators  to  wirelessly  config¬ 
ure  network  devices  without  the 
need  for  cumbersome  cables. 
DocFinder:  3550 

Gibbsblog:  Evolving  spammers 

Who's  evolving  faster?  Spammers  or 
the  people  trying  to  stop  them? 
Debate  Columnist  Mark  Gibbs' 
theory  of  Darwinian  spam  evolution. 

DocFinder:  3551 


Online  help  and  advice 

Upgrading  Cisco  switches 

Help  desk  guru  Ron  Nutter  helps  a 
user  whose  first  assignment  at  his 
new  job  is  to  update  the  firmware 
on  the  company  switches. 

DocFinder:  3553 

Emerging  wireless  attacks 

Andrew  Lockhart  of  the  Wireless 
Vulnerabilities  and  Exploits  project, 
explains  what  new  threats  you  need 
to  worry  about.  DocFinder:  3554 

Branching  out  into  consolidation 

Data  center  consolidation  was  the 


hot  thing  in  recent  years.  Now  get 
ready  for  branch  office  consolida¬ 
tion,  analyst  Robin  Gareiss  writes. 

DocFinder:  3555 

How  to  deal  with  pesky  vendors 

Analyst  Mike  Karp  offers  tips  on 
dealing  with  salespeople  who  just 
won't  shut  op.  DocFinder:  3556 

Storage  search 

Need  help  with  your  storage  sys¬ 
tems?  Our  global  Storage  Search 
lets  you  find  answers  from  across 
the  Net.  DocFinder:  3557 


Seminars  and  events 

Application  &  Content  Security:  Building  the  Defensible  Network 

Learn  how  today’s  fortress  network  integrates  VoIP  and  wireless  into  the 
security  grid:  implements  automatic  patch  management;  audits  perfor¬ 
mance  and  identifies  weaknesses;  and  protects  core  data  and  critical 
applications.  Attend  the  free  Technology  Tour  event  your  enterprise 
doesn’t  want  you  to  miss.  For  cities  and  dates  and  how  to  qualify  to 
attend  free,  visit:  DocFinder:3558 


BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocFinder.  1001 

Free  e-mail  newsletters 

Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 

DocFinder:  1002 

What  is  DocFinder? 

We’ve  made  it  easy  to  access  articles  and  resources 
online.  Simply  enter  the  four-digit  DocFinder  number  in 
the  search  box  on  the  home  page,  and  you’ll  jump  directly 
to  the  requested  information. 
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Symantec  sues  Microsoft  over  contract 

■  Symantec  last  week  filed  a  lawsuit  against  Microsoft  alleging  that  the  software 
giant  violated  a  contract  about  the  use  of  intellectual  property  and  used  the  tech 
nology  to  develop  a  competing  product.The  suit  concerns  a  contract  that 
Microsoft  signed  in  1996  with  Veritas,  which  was  acquired  by  Symantec  last 
year.  Symantec  also  is  requesting  an  injunction  to  stop  further  development, 
sale  or  distribution  of  Vista  and  Longhorn.The  suit  alleges,  among  other 
issues,  trade  secret  misappropriation,  breach  of  contract,  unfair  competition, 
and  copyright  and  patent  infringement,  and  demands  a  jury  trial.The  con¬ 
tract  allowed  Microsoft  to  use  a  technology  called  Volume  Manager,  accord¬ 
ing  to  Cris  Paden,a  public  relations  spokesman  for  Symantec.  Microsoft  has 


TheGoodTheBadTheUgly 

Diversifying  the  IT  field.  A  group  of  10  universities  is 
uniting  to  try  to  diversify  the  IT  industry  in  the  United  States  by  encour¬ 
aging  more  women,  minorities  and  disabled  people  to  enter  the  field.  The 
Students  and  Technology  in  Academia, 
Research  and  Service  Alliance  is  backed  by 
S2  million  from  the  National  Science 
Foundation.  The  alliance  is  using  that  money  to 
recruit  a  diverse  group  of  students  into  com¬ 
puter  science  and  other  IT-related  fields. 

<  Snooping  on  the  boss,  a 

former  U.S.  Department  of  Education  secu¬ 
rity  auditor  has  admitted  to  snooping  on  his 
supervisor's  computer,  then  sharing  informa¬ 
tion  on  the  boss's  e-mail  and  Internet  habits. 
The  punishment  handed  down  last  week?  Ten 
months  in  jail  and  home  confinement. 


planned  to  use  the  technology  in  its  operating  system  to  help  users  manage  large 


flows  of  data.  Microsoft  denied  the  allegations. 


BellSouth  seeks  retraction 

■  BellSouth  is  demanding  USA  Today  retract  a  story 
claiming  it  and  two  other  carriers  were  under  contract 
to  the  National  Security  Agency  to  surrender  call 
records  for  a  domestic  antiterrorism  surveillance  pro¬ 
gram.  BellSouth  claims  the  story’s  assertion  it  was 
under  contract  to  provide  massive  call  record  data  to 
the  NSA  is  untrue." We  have  no  contract  with  the  NSA, 
never  had  a  contract  with  the  NSA,  and  have  never 
provided  the  NSA  with  any  information,  ever?  said  a 
BellSouth  spokesman.  USA  Today  said  it  received  the 
BellSouth  letter  and  is  reviewing  it.  The  newspaper 
said  it  will  respond. Verizon  and  AT&T,  which  the  story 
also  pegged  as  contractually  obligated  to  forward  call 
record  data  to  the  NSA  following  the  Sept.  1 1  terrorist 
attacks,  also  denied  aspects  of  the  story 

IBM  to  acquire  Rembo  Technology 

■  IBM  last  week  announced  it  had  entered  into  a 
deal  to  acquire  a  Swiss  company  and  intends  to  use 
its  technology  to  bolster  Big  Blue’s  systems  manage¬ 
ment  and  virtualization  product  suites.The  terms  of 
the  deal  were  not  disclosed.  Rembo  Technology,  a 
privately  held  software  maker  in  Geneva,  develops 
products  that  automate  the  manual  process  of 
installing  and  updating  operating  systems  on  servers 
and  client  machines  such  as  desktops  and  laptops. 
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“They  weren’t  worth  the  paper 
they  were  written  on.’’ 

FBI  special  agent  Nenette  Day,  discussing  nondisclosure  agree¬ 
ments  signed  by  an  Indian  outsourcing  company’s  employees, 
one  of  whom  tried  to  sell  an  American  client’s  source  code  to 
one  of  the  client's  competitors. 

See  story  at  www.nwdocfinder.com/3560 


IBM  says  this  acquisition  is  expected  to  be  complete 
by  the  second  quarter. “The  key  point  when  looking 
at  virtualization  and  IT  service  management  is  that 
they  are  both  about  simplifying  the  complexity  of 
manual,  time-consuming  tasks  IT  is  faced  with  every 
day?’  says  Kevin  Leahy,  director  of  virtualization  strat¬ 
egy  for  IBM.  “For  organizations  with  tens  of  thou¬ 
sands  of  client  machines  and  servers,  the  time,  en¬ 
ergy  and  effort  put  toward  manually  installing 
servers  are  just  not  acceptable.” 

VeriSign  to  buy  SSL  vendor 

■  VeriSign  said  last  week  it  will  purchase  SSL  cer- 


“Amcithophobics  Local  7-2 
shows  off  their  new  banner  for 
the  upcoming  Macy’s  parade.  ” 


Paul  Carroll  of  St  Pete  Beach,  Fla.,  is  this  week's  winner.  Check  back  each  Monday 
for  the  start  of  a  new  contest  www.networkworld.com/weblogs/layer8 


Vendorspeak  humor.  Comedian  Tony  Dano  entertained 
at  the  recent  CIO  Forum,  which  took  place  on  a  cruise  ship  out  of  New 
York.  He  asked  one  audience  member  what  he  did  for  a  living.  “I  sell 
consulting  outsourcing,"  the  man  replied.  "Is  that  even  a  sentence?" 
Daro  shot  back. 


tificate  provider  GeoTrust  for  about  $125  million,  a 
deal  that  will  give  VeriSign  access  to  GeoTrust’s 
extensive  reseller  channel.  Purchasing  GeoTrust 
also  will  let  VeriSign  sell  to  small-and-midsize  busi¬ 
nesses,  which  it  previously  did  not  serve,  VeriSign 
said.  SSL  certificates  let  secure  sessions  and  trans¬ 
actions  take  place  over  the  Internet. VeriSign’s  busi¬ 
ness  grew  out  of  direct  sales  of  SSL  certificates  to 
large  enterprises,  though  the  company  has  evolved 
over  the  years  to  provide  other  network  infrastruc¬ 
ture  products  and  services,  including  VoIR  online 
payment  processing  and  managed  security  ser¬ 
vices.  The  company  has  more  than  3,000  cus¬ 
tomers  in  its  SSL  business.  Subject  to  regulatory 
approvals,  the  GeoTrust  purchase  is  expected  to 
close  in  the  second  half  of  the  year, VeriSign  said. 

Skype  user  base  seen  as  a  shield 

■  The  larger  Skype’s  user  base  grows,  the  less  likely 
it  is  telecom  operators  or  regulators  will  block  the 
VoIP  service  successfully,  said  the  head  of  Skype’s 
European  operations,  during  an  interview  at  the  VON 
Europe  conference  in  Stockholm.  An  experience  in 
Brazil  is  a  good  example,  said  James  Bilefield,  gen¬ 
eral  manager  of  Skype  in  Europe.  About  a  year  ago, 
one  of  the  largest  telecom  operators  in  Brazil 
blocked  Skype.The  reaction  from  Skype  users  was  so 
strong  the  operator  relented  after  a  week.  “The  com¬ 
munity  has  the  power  to  change  things,”  he  said. 
Some  operators,  particularly  the  incumbents,  may 
seek  to  block  Skype,  because  its  low-cost  voice  ser¬ 
vice  can  steal  market  share  and  thus  eat  into  their 
most  significant  source  of  revenue.  If  the  issue  of 
blocking  Skype  heats  up, Skype  thinks  regulators  will 
be  on  its  side.  “Overall,  regulators  want  to  provide 
choice.  Skype  does  that,”  he  said. 
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Incident  Control  System,  Adaptive  Security  Appliances,  and  more. 

Trend  Micro.  Integrated  intelligence.  Increased  security. 


Cisco  Systems 


Technology 

Developer 

Partner 


TREND 

micro" 
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Lotus:  Microsoft  is  wrong  about  Notes 


Notes/Domino  timetable 

Lotus  is  working  on  the  next  release  of  its  Notes/Domino 
platform,  which  will  provide  tighter  integration  with  its  Workplace 
collaboration  platform,  based  on  Java  2  Platform  Enterprise 
Edition. 


Platform 

Highlight 

Availability 

Notes  Hannover 
client 

Built  on  Eclipse  framework, 

First  open  beta  in  2006; 
ships  in  2007. 

Domino  Next 

First  introduction  of  server  with 
activity-centric  features,  server- 
based  management  of  client. 

Ships  in  2007  but  not 
necessarily  at  same  time 
as  Hannover. 

Sametime  7.5 

Instant  messaging,  conferencing 
server  gets  name  and  look-and-feel 
makeover. 

2007 

- 24- 

BY  JOHN  FONTANA 

Lotus  does  not  intend  to  back 
off  its  stated  commitment  to  pro¬ 
vide  backward  compatibility  for 
all  Notes  applications,  regardless 
of  reports  to  the  contrary  last 
week  from  rival  Microsoft. 

“If  others  are  misinformed,  that’s 
fine,  but  the  reality  is  the  state¬ 
ments  I  am  making  are  the  ones  I 
am  holding  my  team  account¬ 
able  to,  and  are  the  ones  my  cus¬ 
tomers  are  holding  me  account¬ 
able  to,”  said  Lotus  General 
Manager  Mike  Rhodin,  after  last 
week’s  annual  Notes  user  confer¬ 
ence  in  Germany. 

In  January  at  the  company’s 
annual  Lotusphere  conference 
Rhodin  declared  that  there  would 
be  continued  support  for  all 
Notes  applications.  Lotus  plans  to 
release  in  the  first  half  of  2007  its 
Notes  Hannover  client  and 
Domino  Next,  both  of  which  inte¬ 
grate  with  its  Workplace  collabo¬ 
ration  platform  based  on  Java  2 
Platform  Enterprise  Edition. 


“I  stand  behind  the  statements  I 
made  in  January  and  I  made  them 
again  in  front  of  press  and  ana¬ 
lysts  here  in  Germany  I  have  been 
pretty  consistent,”  Rhodin  said. 

The  war  of  words  between 
IBM/Lotus  and  Microsoft  has  gone 
on  for  years,  as  the  pair  has  come 


to  dominate  the  messaging  and 
collaboration  software  market. 

Bill  Gates,  Microsoft’s  chief  soft¬ 
ware  architect,  took  the  latest  shot 
while  speaking  last  week  at  the 
company’s  first  SharePoint  Confer¬ 
ence.  He  said  Lotus  would  not 
support  all  Notes  applications 


going  forward  and  hadn’t  focused 
on  productivity  software  since 
Notes  creator  Ray  Ozzie,  now  with 
Microsoft,  left  in  1997. 

Ironically,  IBM/Lotus  on  the 
same  day  released  three  produc¬ 
tivity  editors  for  its  forthcoming 
Notes  Hannover  client  that  pro¬ 
vide  word  processing,  spread¬ 
sheet  and  presentation  graphics 
capabilities.  The  editors  natively 
support  the  XML-based  Open- 
Document  Format  (ODF)  stan¬ 
dard,  which  Microsoft  has  re¬ 
jected  in  favor  of  a  format  called 
Open  XML  plans  to  introduce 
with  Office  2007  later  this  year. 
(See  “Lotus  adds  ODF  support  to 
Notes,”  page  28.) 

Rhodin  attributed  Gates’  com¬ 
ments  concerning  Ozzie  to  mar¬ 
keting  hype.“The  innovation  work 
that  is  going  on  here  around  such 
things  as  social  networking  and 
activity-centric  computing,  none 
of  that  came  from  Ray  He  has 
been  gone  for  a  decade,”  said 
Rhodin. 


Rhodin  said  the  company’s 
announcements  last  week,  includ¬ 
ing  Notes  Access  for  SAP  Solu¬ 
tions,  deepens  the  integration  be¬ 
tween  SAP  back-end  systems  and 
the  Notes  front-end  client  and 
Workplace.  He  said  it  shows  the 
company  is  squarely  out  in  front 
in  terms  of  innovation.  Notes/ 
Domino  has  had  SAP  integration 
features  since  1997. 

The  SAP  announcement  is  part 
of  IBM/Lotus’  Project  Harmony 
aimed  at  integrating  Notes  and 
Workplace  with  other  corporate 
applications  using  Web  services 
technology.  The  Notes  Access  for 
SAP  Solutions,  a  set  of  templates, 
workflow  capabilities  and  devel¬ 
opment  tools,  is  similar  to  Micro¬ 
soft’s  integration  work  with  SAP 
called  Duet. 

IBM/Lotus  also  introduced  IBM 
Workplace  for  SAP  Software, 
which  provides  browser-based 
access  to  SAP  data  as  part  of 
applications  built  using  Web  ser- 
vices-based  components.  ■ 


Start-ups  zero  in  on  Microsoft  backup,  storage 


BY  DENI  CONNOR 

A  new  breed  of  companies  is 
focused  on  protecting  Microsoft 
servers  running  at  small  and  mid¬ 
size  businesses. 

The  companies,  such  as  Idera 
and  Meridio  and  XOsoft,  special¬ 
ize  in  backing  up, archiving  or  oth¬ 
erwise  protecting  systems  running 
programs  such  as  Exchange,  SQL 
Server  or  SharePoint  that  are 
increasingly  critical  for  SMBs. 

“Microsoft  is  low-hanging  fruit 
because  people  in  the  past  never 
considered  the  desktop  or  the 
e-mail  server  as  mission-critical,” 
says  Sonja  Hoel,  managing  direc¬ 
tor  for  Menlo  Ventures,  whose 
investments  include  Asempra,  a 
start-up  that  makes  business  conti¬ 
nuity  software  for  Microsoft  Ex¬ 
change,  Windows  file  servers  and 
SQL  database  applications.  “Typically,  busi¬ 
nesses  have  not  had  a  very  good  backup 
and  recovery  solution  for  that.” 

In  February,  Asempra  raised  $20  million 
from  Menlo  Ventures,  Polaris  Venture  Part¬ 
ners  and  US  Venture  Partners  to  bring  its 
total  funding  to  $29  million.  Teneros,  which 
makes  business  continuity  appliances  for 
Exchange,  announced  last  month  that  it 
had  received  an  additional  $20  million 


Protecting  Microsoft 

A  sampling  of  vendors  focused  on  safeguarding  Microsoft  systems. 


Company/product 

Microsoft  applications  protected 

Other  apps 

protected  Funding 

Asempra  Business  Continuity  Server 

Exchange,  SQL  Server,  Windows  File  and  Print 

N/A 

$29  million 

Double-Take  Software  Double-Take 

Exchange,  SQL  Server 

Oracle 

$60  million 

Idera  SQLsafe 

SQL  Server 

N/A 

Not  disclosed 

Meridio  enterprise  Document  and 
Records  Management 

SharePoint,  Outlook,  Word,  PowerPoint 

N/A 

$18.4  million 

Mimosa  Systems  NearPoint 

Exchange 

N/A 

$17.5  million 

Neverfail 

Exchange,  SQL  Server,  SharePoint,  Internet 
Information  Server,  Windows  File  and  Print 

Oracle,  Domino 

$10  million 

Teneros  AGA  2500E 

Exchange 

N/A 

$44.5  million 

X0  soft 

Exchange,  SQL  Server,  Windows  File  and  Print 

Oracle  j  $30  million 

from  Goldman  Sachs,  New  Enterprise 
Associates,  Sevin  Rosen  Fund  and  Star 
Ventures,  bringing  its  total  to  $44.5  million. 

“The  area  that  got  us  interested  was  how 
to  provide  enterprise-level  services  to  small 
and  midsize  businesses,"  says  Simon  Clark, 
a  partner  with  Fidelity  Ventures  in  London. 

“Big  enterprises  get  all  of  the  services  and 
all  of  the  quality  Clark  says.“Small  and  mid¬ 
size  businesses  don’t  —  they  don’t  have  a 


lot  of  IT  staff  like  big  enterprises  who  can 
tweak  and  tune  technologies  to  make  them 
work.  Further,  they  don’t  have  the  budget  to 
buy  that  infrastructure.” 

Fidelity  Ventures  has  invested  $10  million 
in  server  recovery  specialist  Neverfail  Group, 
which  offers  its  software  for  Exchange,  SQL 
Server,  SharePoint  and  Windows  file  and 
print  servers,  among  other  applications. 

Sumant  Mandel,  managing  director  for 


Clearstone  Ventures,  says  Ex¬ 
change  wasn’t  built  to  withstand 
the  loads  and  reliability  require¬ 
ments  placed  on  it  today  leaving 
the  door  open  for  ventures  that 
address  such  shortcomings.  “If 
there  is  a  technology  that  makes 
Exchange  more  reliable  and  ro¬ 
bust,  it  needs  to  be  done,”  says 
Mandel,  whose  firm  joined  Jafco 
Ventures,  August  Capital  and  Light¬ 
house  Capital  Partners  in  putting 
$17.5  million  into  Mimosa  Sys¬ 
tems,  which  provides  software  to 
back  up  and  archive  e-mail  on  Ex¬ 
change  servers. 

Such  start-ups  are  not  alone  in 
attacking  the  Microsoft  protection 
market.  EMC  has  made  efforts  in 
this  area,  recently  announcing  its 
Insignia  group  of  products  and 
last  year  introducing  its  Solution 
Suite  for  Microsoft  Exchange  and  SQL 
Server.This  year.it  announced  the  buyout  of 
Interlink  Group  and  Internosis,  both  of 
which  focus  on  Microsoft  application  inte¬ 
gration  and  deployment. 

“The  Windows-specific  data  protection 
and  server  recovery  market  is  going  up¬ 
market  [into  the  data  center]  very  fast,” says 
William  Hurley  senior  analyst  for  the  Data 
Mobility  Group.  ■ 


©2006  Sharp  Corporation 


Keep  the  CEO's  dream  of  growth  from 
becoming  the  CIO's  integration  nightmare. 


INTRODUCING  THE  SHARP  MX-SERIES.  Sharp's  Open  Systems  Architecture  delivers  the 
first  truly  customizable  multifunction  product.  With  its  seamless  integration,  Sharp  OSA  offers  a  broad 
array  of  value-added  functionality.  It  also  gives  you  unparalleled  control,  right  at  the  LCD  screen.  All  of 
which  makes  the  MX-Series  a  powerful  resource  that  grows  with  your  business.  It's  no  wonder  Sharp 
won  the  BLI  award  for  "IT  Friendliness"  and  the  BERTL  5-Star  Exceptional  rating  for  product  usability. 
To  learn  more,  visit  sharpusa.com/documents 


ENERGY  STAR 


As  an  ENERGY  STAR* 
Partner,  Sharp  has 
determined  that  this 
product  meets  the 
ENERGY  STAR'  guidelines 
tor  energy  efficiency. 
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Nortel:  Enterprise  still  key  to  rebound 


Focus,  focus,  focus . . . 


Nortel  is  targeting  these  hot  growth  markets  to  help  turn  the 
company's  fortunes  around. 


Market 

Drivers 

IP  TV 

Carriers  spending  billions  of  dollars  on  equipment  and  upgrade 
to  deliver  interactive  video  to  homes  and  businesses. 

IMS 

A  wireless/wireline  voice,  data,  video  convergence  architecture 
with  IP  at  its  core  that's  driving  much  carrier  spending. 

WiMAX 

Market  for  this  wireless  broadband  technology  is  expected  to 
take  off  as  carriers  look  to  fill  in  coverage  areas  where  DSL 
and  fiber  can’t  reach. 

Metro  Ethernet 

Exploding  equipment  and  services  market  expected  to  grow 
threefold  by  the  end  of  the  decade,  into  tens  of  billions  of  dollars. 

Mobility 

Nortel  plans  to  use  its  leading  technology  and  market  positions 
to  capitalize  on  next-generation  buildouts. 

Enterprise 

Nortel  expects  to  use  its  installed  base  and  market  position 
in  IP  telephony  to  capitalize  on  next-generation  corporate 
infrastructure  projects. 

BY  JIM  DUFFY 

Once  again,  Nortel  is  counting 
on  its  enterprise  operations  to 
help  lift  the  company  out  of  its 
financial  doldrums. 

Nortel  last  week  updated  the 
press  and  analysts  on  its  progress 
during  the  first  six  months  of 
President  and  CEO  Mike  Zafirov- 
skis  tenure  with  the  company 
Among  the  key  points  was  a  reit¬ 
eration  of  the  important  role  Nor¬ 
tel’s  enterprise  business  plays  in 
the  company’s  rebound  from  re¬ 
stating  years  of  financial  results 
after  an  accounting  scandal  in 
2004. 

“We  do  believe  we  have  a  real 
chance  to  be  strong  in  enterprise,” 
Zafirovski  told  analysts  during  a 
conference  call.  “Enterprise  is  an 
area  we  certainly  are  very  com¬ 
mitted  to.” 

That  same  commitment  was 
espoused  by  ex-CEO  Bill  Owens 
when  Nortel  restructured  almost 
two  years  ago  (www.nwdocfind 
er.  com/3562).  Owens  departed 
last  fall  but  Zafirovski  is  moving 
forward  with  the  enterprise 
mantra. 

Zafirovski  says  Nortel  can  use  its 
heritage  in  voice,  its  leading  posi¬ 
tion  in  IP  telephony  and  installed 
base  to  boost  its  profile  in  corpo¬ 
rate  environments  and  become  a 
leading  provider  of  next-genera¬ 
tion  infrastructure  components. 
Zafirovski  has  also  set  goals  for 
Nortel  to  claim  20%  of  the  markets 
it  deems  strategic  over  the  next 
three  years. 

That  might  be  tough  in  enter¬ 
prise.  While  Nortel  is  a  leading 
provider  of  enterprise  telephony 
shipping  the  most  PBX  lines  over 
the  last  two  years,  it  is  second  to 
Cisco  in  the  proportion  of  PBX 
business  generated  from  iPaccor- 
ding  to  the  Dell’Oro  Group. 

Dell’Oro  says  Nortel  is  on  track 
to  generate  more  PBX  revenue 
from  IP  than  TDM  over  the  next 
couple  of  quarters. 


And  though  Nortel  also  is  sec¬ 
ond  to  Cisco  in  Ethernet  switch¬ 
ing,  it  is  a  distant  second.  Nortel 
had  less  than  5%  of  the  2005 
worldwide  Layers  2,  3  and  4-7 
switched  Ethernet  market,  while 
Cisco  accounted  for  71%,  accord¬ 
ing  to  Dell’Oro. 

Analysts  say  it  will  be  close  to 
impossible  for  Nortel  to  build  that 
share  up  to  its  goal  of  20%. 

“What’s  happened  in  the  enter¬ 
prise  is  Cisco’s  gotten  a  lot 
stronger,  Avaya’s  gotten  a  lot 
stronger  in  voice,  HP  has  on  the 
data  side,  and  [Nortel’s]  gotten 
weaker/  says  Zeus  Kerravala,  an 
analyst  at  the  Yankee  Group.  “The 
products  are  OK,  but  when  you  go 
through  as  much  management 
[and  structural]  change  as  they 
have,  it  takes  a  while  to  do  that 
and  it’s  hard  to  do  all  of  those 
things  at  once.” 

Competitors  also  have  been  ex¬ 
ploiting  Nortel’s  tenuous  financial 
position,  citing  the  restatements 
and  operational  turmoil  envelop¬ 
ing  the  company  for  years,  Kerra¬ 
vala  says. 

“Corporate  viability  is  an  impor¬ 
tant  part  of  purchase  decisions,” 
he  says.  “In  data  switching  and 
routing,  it’s  going  to  be  difficult  for 
them  to  hit  that  20%  number  with 
the  number  of  strong  players”  in 
the  market. 

Nortel  is  also  exiting  some 
product  programs  and  scaling 
back  others,  which  might  also 
give  enterprise  buyers  pause.The 
company  ceased  or  canceled 
activities  in  six  product  areas 
over  the  past  six  months,  which 
represented  $73  million  in  R&D 
in  2005. 

Zafirovski  declined  to  identify 
all  of  them  during  last  week’s  con¬ 
ference  call. 

“We  will  not  go  public  with 
every  single  product  decision,”  he 
said.  “This  is  a  normal  course  of 
business.  In  my  31  years  in  busi¬ 
ness,  we  have  never  provided  that 


level  of  granularity’ 

Nortel  reduced  its  activity  in 
three  product  areas,  cutting  R&D 
from  $80  million  in  2005  to  $39 
million  in  2006.  It  also  sold  or  has 
for  sale  two  product  operations 
that  accounted  for  $1 1  million  in 
R&D  in  2005,  Zafirovski  said.  One 
of  them  was  the  company’s  blade 
server  business  (www.nwdocfind 
er.com/3563). 

The  company  is  increasing 
investment  in  three  product  areas 
—  IP  Multimedia  Subsystem,  IP 
TV  and  WiMAX  —  by  $100  million 
over  last  year  and  $67  million  over 
2006’s  budget,  and  has  acquired  a 
product  line  through  its  purchase 
of  router  makerTasman  Networks, 
where  it  will  invest  $1 1  million  this 
year. 

Zafirovski  said  more  product 
rationalization  will  be  forthcom¬ 
ing. 

“We  will  make  sure  that  we  align 
our  investments  and  product 
offerings  much  tighter  than  ever 
before,”  he  said. 


Analysts  say  the  sooner  the 
better. 

“Nortel  has  to  transform  the  way 
it  operates,” says  independent  tele¬ 
com  analyst  Jeff  Kagan.  “They 


have  a  plan,  but  they  still  have  to 
make  it  work.They  still  have  a  very 
tough  job  ahead  of  them  while 
the  industry  moves  forward  very 
quickly’ ■ 


Nortel  adding  IPS  feature 
to  Alteon  application  switch 


BY  ELLEN  MESSMER 

Nortel  today  is  set  to  announce  the  addition  of 
intrusion-prevention  capability  to  the  Nortel  Alteon 
application  switch  so  that  the  load-balancing  and 
traffic-shaping  switch  can  provide  defense  against 
several  hundred  known  vulnerabilities  and  attacks. 

The  intrusion-prevention  feature  for  the  Nortel 
application  switch,  expected  to  be  available  next 
month,  is  based  on  technology  from  Symantec.  Under 
the  partnership,  Symantec  will  provide  security  soft¬ 
ware  updates  for  the  application  switch  via  Syman¬ 
tec’s  online  service,  LiveUpdate.  Analysts  say  this  is  the 
first  time  this  type  of  vulnerability  protection  has 
been  added  to  an  application  switch. 

“Competitors  such  as  Radware  have  delivered  that 
kind  of  intrusion  protection  as  separate  products  but 
not  as  part  of  the  application  switch,”  says  Cindy 
Borovick,  director  of  data  center  networks  at  1DC. 

Borovick  says  Nortel’s  approach  is  primarily  aimed 
at  protecting  servers  because  the  application  switch 
typically  sits  in  front  of  data  center  servers  to 
increase  performance. 

The  Nortel  Application  Switch  with  Symantec  In¬ 
telligent  Network  Protection, as  the  product  is  called, 
doesn’t  include  the  kind  of  comprehensive  intru¬ 
sion-prevention  system  that  would  be  found  in  a 
stand-alone  IPS  appliance  because  that  could  ad¬ 
versely  affect  the  switch,  according  to  Nortel. 

“There  are  probably  8,500  known  signatures  used 


for  vulnerabilities,  and  if  you  scan  for  all  of  them 
there’s  the  risk  of  slowing  down  traffic  and  of  false 
positives,” says  Dan  Schrader,  director  of  product  mar¬ 
keting  and  application  switches  at  Nortel. 

The  Nortel  application  switch  will  instead  target  a 
few  hundred  of  the  most  high-risk  vulnerabilities  and 
attacks,  such  as  worms,  that  could  affect  the  environ¬ 
ment  in  which  the  switch  is  typically  used. 

Schrader  says  there  are  50,000  Nortel  application 
switches  in  use,  and  they  are  typically  found  in  data 
centers  in  front  of  databases,  email  servers  and  Web 
farms  in  midsize  to  large  corporations  and  carriers. 
The  goal  in  adding  the  Symantec  intrusion-preven¬ 
tion  technology  to  the  switch  is  to  block  attacks 
aimed  at  vulnerabilities  found  in  software  in  those 
environments. 

The  Symantec-based  IPS  monitoring  and  blocking 
capability  will  be  controlled  through  the  Java-based 
manager  that’s  part  of  the  Alteon  application  switch. 
Nortel  is  suggesting  customers  start  out  using  IPS  on 
a  monitoring-only  basis  before  turning  on  the  full 
blocking  mode.  That  way,  data  center  managers  can 
gain  experience  with  the  IPS  detection  before  letting 
it  have  any  impact  directly  on  corporate  traffic 
through  blocking. 

The  Nortel  Application  Switch  with  Symantec 
Intelligent  Network  Protection  costs  $15,000  to 
$35,000  per  switch,  with  the  intrusion-prevention 
capability  available  as  a  $5,000  license  upgrade.* 


nww.com 

Network  World  application  security  event 

As  security  moves  "up  the  stack"  defenses  must  reach  down  to  protect  the  core. 
Integrating  VoIP  and  wireless  into  the  security  grid.  Implementing  automatic  patch 
management.  What  are  the  best  practices  and  technologies  to  create  a  fortress 
enterprise?  Attend  Application  &  Content  Security:  Building  a  Defensible  Network  — 
a  new  Network  World  LIVE  Technology  Tour  event,  www.nwdocrmder.com/3422 


Let  Internet  Security  Systems  stop 

network  threats  before  they  impact  your  business 
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How  do  you  ensure  compliance  and  manage  costs  when  your  security  is  less  than  certain?  Even  "zero-day"  solutions  aren't  fast  enough  to 
protect  against  losses  once  an  Internet  attack  hits.  The  alternative  is  preemptive  security  from  Internet  Security  Systems.  Because  our  enterprise 
solutions  are  based  on  the  world's  most  advanced  vulnerability  research,  only  ISS  can  can  offer  preemptive  security  and  stop  threats  More  they 
impact  your  business.  So  why  rely  on  "reaction"  when  security  can  be  a  sure  thing? 


Need  proof?  Get  a  free  whitepaper,  Preemptive  Security:  Changing  the  Rules,  at  www.iss.net/proof  or  call  800-776-2362. 
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Open  source  role  at  Sun  remains  murky 


BY  NETWORK  WORLD  STAFF 

With  a  growing  number  of  companies 
using  Java-based  applications  to  anchor 
Web  services  and  service-oriented  archi¬ 
tectures,  it’s  not  surprising  the  big  themes  of 
the  JavaOne  show  last  week  centered  on 
open  source  and  integration. 

Sun  talked  about  its  plans  to  offer  the 
core  Java  code  on  an  open  source  basis 
and  made  moves  in  that  direction  with  the 
release  of  several  Java  components,  includ¬ 
ing  Web  services  technology  aimed  at  help¬ 
ing  Java  software  work  with  Microsoft’s  .Net 
Web  services  framework.  Others,  such  as 
Oracle  and  BEA  Systems,  also  had  an¬ 
nouncements  focusing  on  integrating  Java 
into  broader  SOA  designs. 

Sun  remains  reluctant  to  completely  open 
the  core  code  of  Java  because  of  concerns 
that  the  programming  language  will  end  up 
fragmented,  thus  threatening  its  “write  once, 
run  anywhere”  philosophy 

Nevertheless,  Rich  Green,  Sun  software 
executive  vice  president,  used  his  keynote 
address  at  the  show  to  promise  attendees 
that  Sun  is  working  on  finding  a  way  to  con¬ 


tribute  Java  to  the  open  source  community 

“There  are  two  battling  forces  here,”  said 
Green,  a  veteran  Sun  executive  who 
returned  to  the  company  just  weeks  ago. 
“There  is  the  desire  to  completely  open  this 
up. . . .  The  flip  side  is,  compatibility  really 
matters.  1  don’t  think  anybody  wants  to  see 
a  diverging  Java  platform.” 

The  Java  community  is  seeing  fragmenta¬ 
tion  with  two  competing  development 
environments:  Eclipse,  backed  by  IBM,  and 
Sun’s  NetBeans  development  platform. 

For  Sun,  the  challenge  is  to  open  the  core 
Java  code  in  a  way  that  doesn’t  result  in 
fragmentation, similar  to  what  happened  to 
Unix  as  vendors  fine-tuned  the  operating 
system  into  separate,  proprietary  offerings. 

Still,  as  far  as  open  source  Java,  Green 
said:  “It’s  not  a  question  of  whether,  it’s  a 
question  of  how,  and  so  we’ll  go  do  this.” 

At  the  same  time,  analysts  say  there  will  be 
a  growing  battle  for  control  of  Java  as  its 
presence  in  enterprise  data  centers  grows. 

“There  is  always  the  political  fight  for  con¬ 
trol  of  Java  between  Sun,  IBM,  BEA  Systems, 
Oracle  and  others,”  says  Shawn  Willett,  a 


principal  analyst  at  Current  Analysis.“In  the 
end  somebody’s  got  to  control  it  in  order  to 
ensure  compatibility  and  avoid  fragmenta¬ 
tion.  . . .  Expect  more  friction  [as  the  use  of 
Java]  expands.” 

“There  is  always  the 
political  fight  for  con¬ 
trol  of  Java  between 
Sun,  IBM,  BEA 
Systems,  Oracle  and 
others.” 

Shawn  Willett,  principal  analyst,  Current  Analysis 

In  the  meantime,  Sun  is  moving  the 
broader  Java  environment  in  an  open 
direction.  At  the  show  the  company  re¬ 
leased  Java  Enterprise  Edition  5,  which  sup¬ 
ports  a  number  of  important  Web  services 
standards  and  is  designed  to  be  easier  to 
use  than  its  predecessor,  Java  2  Platform 
Enterprise  Edition,  Sun  executives  say 
In  addition,  the  company  unveiled  a  soft¬ 


ware  license,  the  Operating  System 
Distributor’s  License  for  Java,  which  elimi¬ 
nates  restrictions  that  made  it  difficult  for 
Linux  vendors  to  ship  the  Java  Runtime 
Environment  and  Java  Development  Kit. 

One  Linux  distributor  joined  Sun  execu¬ 
tives  onstage  to  express  support  for  the  new 
license.  “Because  of  substantial  changes 
that  your  team  has  made,  we  can  make 
Linux  available  directly  to  users  of  free  soft¬ 
ware  desktops,”  said  Mark  Shuttleworth, 
founder  and  CEO  of  Ubuntu  Linux  distribu¬ 
tor  Canonical. 

Though  Sun  is  interested  in  promoting 
Java  on  the  Linux  platform,  the  most  promi¬ 
nent  Linux  distribution,  Red  Hat,  was  absent 
from  a  two-hour  keynote  presentation  that 
also  featured  speakers  from  Microsoft  and 
open  source  vendor  JBoss. 

As  for  the  time  frame  to  offer  the  core 
Java  platform  to  the  open  source  commu¬ 
nity  Sun  executives  say  it  may  be  a  year 
and  half  away 

IDG  News  Correspondent  Robert  McMillan 
contributed  to  this  report. 


CAN  YOU  HANDLE  ALL  THE  DATA  THAT'S  COMING  YOUR  WAY? 

Introducing  midrange  storage  with  high-end  functionality.  We  know  what  you're  up  against,  and  it's  a  lot.  An  explosion  of  data,  a  complex  infrastructure, 
and  limited  resources. Our  new  midrange  modular  storage  solutions  help  you  tackle  these  issues  and  more.Three  cost-effective  solutions:the  Network  Storage 
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Reflexion  bolsters  anti-spam  features 


BY  CARA  GARRETSON 

Reflexion  Network  Solutions  this  week  is 
scheduled  to  release  an  upgrade  to  its 
anti-spam  hosted  service  based  on  the 
company’s  belief  that  multiple  e-mail 
addresses  are  better  than  one. 

Total  Control  4.0  combines  traditional 
anti-spam  tactics,  such  as  whitelisting  and 
content  filtering,  with  an  unusual 
approach  to  fighting  spam. The  service  lets 
an  unlimited  number  of  e-mail  addresses 
be  associated  with  each  user’s  primary 
e-mail  in-box,  so  that  users  can  control 
who  has  access  to  their  e-mail  address  and 
discover  when  their  addresses  have  been 
shared  without  authorization,  says  Reflex¬ 
ion  CEO  David  Hughes. 

The  company  calls  this  fractionated  in¬ 
box  access.  Each  Total  Control  user  has  a 
primary  e-mail  address;  when  a  new  con¬ 
tact  tries  to  reach  the  user  at  that  address, 
a  response  is  automatically  generated 
asking  the  contact  to  resend  to  a  slightly 
different  address.  The  idea  is  that  legiti¬ 
mate  senders  will  resend,  while  spam¬ 


mers,  who  often  use  automated  scripts  to 
send  unwanted  e-mail,  will  not.  This  is 
similar  to  the  way  challenge-response 
programs  work,  such  as  those  from 
Sendio  and  CA. 

Total  Control  goes  beyond  confirming 
senders  are  who  they  say  they  are  by 
coupling  the  new  contact’s  e-mail 
address  with  the  appropriate  supplemen¬ 
tal  e-mail  address  of  the  service’s  user; 
whenever  a  third  party  sends  e-mail  to 
that  supplemental  address  the  user 
knows  his  e-mail  address  has  been 
shared,  and  can  determine  whether  or 
not  such  action  was  authorized. 

Total  Control  creates  supplemental 
addresses  and  resolves  them  to  the  pri¬ 
mary  in-box,  so  it  is  transparent  to  users 
and  system  administrators,  Hughes  says. 

In  addition, Total  Control  includes  an  on- 
the-fly  e-mail  address  option,  so  a  user 
who  visits  a  Web  site  and  wants  to  sign  up 
for  e-mail  alerts  can  create  a  new  address 
for  entering  into  the  Web  form.  If  an  orga¬ 
nization  other  than  the  Web  site  e-mails 


the  user  at  that  address,  the  user  knows  it 
has  probably  been  shared  without  autho¬ 
rization  and  can  block  it  accordingly, 
Hughes  says. 

When  it  comes  to  blocking  spam,  Total 
Control  works,  says  David  McCary,  a 
founder  of  McCary  Stevens  Associates, 
commercial  mortgage  underwriters  based 
in  Hartford,  Conn.  Before  signing  up  for 
Total  Control  the  company  had  no  spam¬ 
blocking  in  place  and  was  “getting 
crushed,”  McCary  says.  Now  the  20-person 
firm  gets  no  unwanted  messages. 

The  service’s  downside  is  that  it’s  hard  to 
explain  and  understand,  he  says. 

“It  really  took  me  a  while  to  get  comfort¬ 
able  with  the  concept;  it’s  very  different 
from  everything  I’ve  read  or  experienced,” 
McCary  says.  “Now  that  I’m  a  year  into 
[using]  it,  I  can  really  appreciate  how 
unique  and  effective  the  approach  is.” 

With  Version  4.0,  Reflexion  has  included 
Mailshell’s  content  filters  and  integrated  a 
range  of  whitelists  that  specify  approved  IP 
addresses.  Reflexion  has  added  these  fea¬ 


tures  because  the  company  believes  the 
more  layers  of  spam  protection  a  com¬ 
pany  uses  the  better,  Hughes  says. 

For  an  organization  with  1,000  users, 
Total  Control  4.0  is  priced  at  $15,000  for 
the  first  year,  $7,500  for  the  second  year.  ■ 


What's  next  for  VoIP  managers? 

Video  over  IR  Unified  messaging.  Wireless  VoIR 
Real-time  Web,  audio,  video.  And  an  exciting  suite  of 
collaborative  apps  that  unleash  a  chain  reaction  of 
benefits  across  the  enterprise.  See  them. 
Understand  them.  And  implement  them  when  you 
attend  The  VoIP  Payoff:  Convergence  & 

Collaboration  —  Capitalizing  on  the  New  Benefits  of 
Real-time  Networks,  the  Network  World  LIVE 
Technology  Tour  event  coming  in  June.  Qualify  to 
attend  free. 

www.nwdocfinder.com/3171 


Controller,  Adaptable  Modular  Storage,  and  Workgroup  Modular  Storage.  Each  built  to  meet  unique  application  requirements.  Each  with  high-end  functionality  from 
ourTagmaStore  platform.To  team  more  about  Hitachi  midrange  modular  storage,  and  how  we  can  be  your  Partner  Beyond  Technology,  visit  www.hds.com/modular 
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Bird  flu  bargains 
begin  to  appear 

BY  TIM  GREENE 

Vendors  are  coming  up  with 
deals  to  make  sure  disasters  such 
as  a  potential  bird  flu  outbreak 
don’t  cripple  businesses  finan¬ 
cially  by  forcing  them  into  over¬ 
provisioning  for  those  presum¬ 
ably  brief  periods  when  staff 
works  from  home  to  keep  from 
making  others  sick  or  getting  sick 
themselves. 

Remote  access  vendors  are 
making  special  offers  they 
describe  as  insurance  policies 
that  give  customers  technology 
and  services  that  can  be  imple¬ 
mented  at  a  moments  notice. 

Array  Networks,  Aventail  and 
Citrix  have  plans  through  which 
customers  can  buy  extra  licenses 
for  just  weeks  or  months  to  deal 
with  spikes  in  remote  access  use. 

Service  provider  Positive  Net¬ 
works  will  preconfigure  VPN  tun¬ 
nels  for  customers  so  they  can 
turn  up  VPNs  immediately  with¬ 
out  requiring  new  hardware. 

Concern  about  the  impact  of  a 
flu  outbreak  that  could  affect 
millions  of  people  worries  IT 
executives,  says  Rob  Whiteley, 
an  analyst  for  Forrester  Re¬ 
search  whose  firm’s  Security 
and  Risk  Council  user  round 
table  discussed  the  problem. 

“They  said  things  like, ‘We  need 
better  disaster  preparation 
plans  for  things  like  bird  flu,’ 
and,  ‘I  need  infrastructure  that 
can  scale  and  licensing  to  scale 
with  it’”  he  says. 

A  flu  pandemic  would  make  75 
million  to  90  million  people  sick 
in  the  United  States, with  as  many 
as  2  million  deaths,  according  to 
U.S.  Congressional  Budget  Office 
projections.  In  an  outbreak,  large 
numbers  of  people  will  be 
forced  to  stay  home  for  short 
periods.  For  example,  the  United 
Kingdom  predicts  an  outbreak 
could  keep  25%  of  the  working 
population  at  home  for  five  to 
eight  working  days. 

It  isn’t  feasible  to  buy  remote 
access  capacity  for  peak  times, 
only  to  pay  for  it  being  left  idle 
the  rest  of  the  time,  says  Gene 
Abramov,  senior  security  and 
compliance  engineer  for  H&R 
Block.The  Kansas  City,  Mo., com¬ 
pany  needs  to  grant  120,000 
workers  remote  access  to  its  net¬ 
work  during  tax  season,  but  only 


Gartner 

continued  from  page  1 

focus  their  attention  on  the  upper  layers  of  the  stack, 
and  look  to  security  data  control,  application  opti¬ 
mization  and  mobility  services  as  key  features  that 
will  benefit  the  organization  far  more  than  installing 
Gigabit  Ethernet  for  all  desktops,”  Fabbi  said. 

An  industry  trend  Fabbi  is  addressing  is  the  ubi¬ 
quity  of  10/ 100/ 1000Mbps  switch  equipment  from 
3Com,  Cisco,  Extreme,  Nortel  and  others.  Most  new 
modular  and  stackable  switch  products  released  for 
enterprise-class  networks  in  the  past  year  are  based 
on  triple-speed  ports,  which  autonegotiate  links 
based  on  the  connection  speed  of  clients  that  are 
also  going  overwhelmingly  Gigabit.  Built-in 
10/100/1000  interface  cards  are  now  standard  fea¬ 
tures  on  many  PCs  from  Dell,  HP  and  others. 

But  from  a  cost  standpoint,  the  question  of  whether 
to  go  Gigabit  is  complex.  Application  usage,  the  form 
factor  of  the  products  and  the  medium  of  the  wiring 
all  contribute  to  the  cost  of  the  technology  and  the 
decision  to  use  it,  analysts  and  users  say 

In  spite  of  popular  beliefs  caused  by  dramatic 
price  reductions  in  the  last  few  years, “Gigabit  Ether¬ 
net  is  not  free,”  says  Seamus  Crehan,  an  analyst  with 
the  Dell’Oro  Group. “Gigabit  Ethernet  still  has  a  very 
significant  price  premium  over  Fast  Ethernet, but  you 
have  to  break  down  the  market  a  little.” 

Averaging  out  the  entire  industry,  the  cost  of  a 
Gigabit  port  was  80%  to  300%  the  price  of  a  Fast 
Ethernet  port  in  2005.  But  considerations  must  be 
made  on  switch  form  factor, such  as  chassis-based  or 
stackable  switches. 

The  industry  average  for  a  modular  Gigabit 
Ethernet  port  in  2005  was  around  $300,  while  a  Fast 
Ethernet  modular  port  was  around  $170.  But  this 
includes  fiber  and  copper  ports.  Crehan  estimates 
copper  modular  Gigabit  costs  only  around  25% 
more  per  port  than  Fast  Ethernet. 

(An  example  is  a  48-port  line  card 
for  the  Cisco  Catalyst  6500:  $6,000 
for  10/100,  and  $7,000  for 
10/100/1000  ports).  In  2005, 

Gigabit  modular  ports  outsold  Fast 
Ethernet  modular  ports  by  50%. 

“It’s  no  coincidence  that  large 
businesses  have  adopted  modular 
Gigabit  in  chassis  switches,” 

Crehan  says.“Generally,  those  large 
networks  tend  to  have  chassis  all 
the  way  out  to  the  wiring  closets,  and  they  future- 
proof  more  and  have  a  greater  need  for  bandwidth.” 

Network  professionals  agree  that  for  the  small 
price  of  upgrading  to  Gigabit  in  these  specific 
cases,  the  purchase  is  worth  it  even  if  the  band¬ 
width  isn’t  being  used. 

At  the  First  American  National  Bank  of  Texas,  a 
regional  bank  with  30  locations  in  North  Texas, 
almost  half  the  Cisco  switch  ports  deployed  are 
10/100/1000,  and  almost  60%  of  the  Dell  desktops 
have  Gigabit  Ethernet  network  interface  cards 
built  in. 

“I  wouldn’t  consider  it  overengineering  the  net¬ 
work,”  says  Kurt  Paige,  network  administrator  for  the 
bank.“I  consider  it  staying  on  top  of  the  technology. 
If  we’re  going  to  buy  a  piece  of  equipment  and  we 
can  get  a  10/100/1000  port  for  only  a  little  more, 
we’ll  go  with  the  newer  switch,  even  if  the  speed 
may  not  be  used.” 


"I  can’t  say  it’s  a  waste  of 
money.  When  you  buy  new 
switches,  you’re  buying 
something  for  the  next  three 
to  five  years.” 

Adorian  Ignat,  director  of  IT,  North  Bronx  Health  Network 

Besides  increased  speed,  newer  switches  offer  fea¬ 
tures  such  as  802. IX  authentication,  wireless  LAN 
network  integration  and  QoS  capabilities  that  are 
rolled  into  the  10/100/1000  hardware,  Paige  adds. 

At  the  North  Bronx  Health  Network  in  New  York, 
LAN  ports  range  from  10M  to  lOGbps.  Extreme  back¬ 
bone  switches  link  with  10G  Ethernet,  while  some 
users  have  Gigabit  links  to  view  digital  radiology 
images.  But  the  majority  of  users  still  connect  with 
10/1 00Mbps,  says  Adorian  Ignat,  director  of  IT. 

“We  have  some  10/100/1000  ports  to  desktops 
but  not  very  many  right  now;”  Ignat  says. “If  I  don’t 
need  that  bandwidth  there’s  no  sense  in  putting  it 
in  right  now." 

While  he  is  not  looking  to  drive  Gigabit  to  the 
desktop,  Ignat  says  triple-speed  ports  facing  the 
desktop  are  inevitable,  as  part  of  the  regular  cycle  of 
LAN  and  PC  upgrades. 

“You  always  change  out  about  35%  of  your  com¬ 
puters  every  year,  and  the  new  ones  come  with  new 
Gigabit  cards,”  Ignat  says.  “If  I’m  going  to  buy  new 
switches,  I’m  going  to  buy  them  with  the  latest  cards, 
which  will  probably  be  10/100/1000.” 

But  couldn’t  the  premium  paid  for  Gigabit  Ethernet 
be  put  toward  other  technologies?  It  actually  is,  Ignat 
says.“I  can’t  say  it’s  a  waste  of  money’  he  says.“When 
you  buy  new  switches,  you’re  buying  something  for 
the  next  thee  to  five  years.  Newer  [switch  line  cards] 
have  newer  features  and  chipsets  that  do  other 
things  that  you  may  need.”  In  the 
case  of  Extreme,  switch  ASICs  on 
its  latest  cards  include  security  fea¬ 
tures,  network  management  and 
packet  monitoring  capabilities 
Ignat  finds  valuable. 

“A  lot  of  our  customers  have  told 
us  it’s  a  use-it-or-lose-it  mentality 
with  their  budget,”  says  Mike 
Flaum, product  brand  manager  for 
Nortel’s  Ethernet  switch  business. 
“Once  they  have  the  funding  to 
make  [an]  upgrade,  they  buy  the  best  equipment 
available  at  that  time. ...  Do  you  need  the  Gigabit 
today?  You  probably  don’t,  but  in  the  next  five  to 
seven  years  as  you  depreciate  that  equipment,  you 
want  to  build  your  network  for  future  uses  and  the 
capabilities  for  that.” 

This  five-to-seven  year  outlook  is  something  users 
should  keep  in  mind  when  buying  switches,  and  not 
just  in  terms  of  bandwidth,  one  industry  observer 
says.  Built-in  security  in  LAN  switches  is  what  buyers 
should  really  be  looking  for.  Whether  the  ports  are 
Fast  or  Gigabit  Ethernet  should  be  secondary 

“The  [LAN]  environment  has  changed,"  says 
Lawrence  Orans,  principal  analyst  with  Gartner.“Five 
years  ago,  we  weren’t  worried  about  worms  on  inter¬ 
nal  networks.  Then  things  like  Sasser  and  Blaster 
changed  the  game.  Now  we  have  to  be  aware  of 
those  kinds  of  threats,  and  protection  has  to  be  built 
into  the  Ethernet  switch  to  take  care  of  that.”B 


Pandemic  checklist 

Getting  technology  in  place 
to  handle  disaster-related 
spikes  in  work-from-home 
employees  is  just  part  of 
the  problem.  Some  other 
factors  to  plan  for: 

•  Determining  how  much  you  can 
spend  on  disaster  technology. 

•  Training  new  users  on  the  disaster 
technology. 

•  Notifying  people  when  work-at-home 
procedures  kick  in. 

•  Ensuring  enough  bandwidth  so 
access  doesn't  come  to  a  crawl 
because  of  congestion. 

•  Prioritizing  workers  so  key 
employees  can  always  get  access. 

•  Determining  how  to  run  the  disaster 
technology  when  all  of  IT  calls  in  sick. 

10,000  the  rest  of  the  time.  “You 
can’t  afford  to  buy  120,000  [full] 
user  licenses,”  he  says.Ht’s  a  ques¬ 
tion  of  do  you  have  money  to 
burn?  We  can’t  do  that.” 

Instead,  the  company  buys 
spike  licenses  from  remote 
access  vendor  Aventail  that  lets 
H&R  Block  pay  a  flat  fee  upfront 
and  get  a  license  for  a  given 
number  of  users  that  is  good  for 
either  30  or  90  days.  So,  a  cus¬ 
tomer  who  bought  an  Aventail 
EX  1 500  SSL  VPN  gateway  with 
100  permanent  licenses  for 
$20,000  could  buy  150  spike 
licenses  good  for  30  days  for  an 
extra  $1,500.  By  comparison,  it 
costs  $11,000  to  upgrade  an  EX 
1500  from  100  to  250  users  using 
Aventail’s  regular  licensing  costs. 

Array  is  promoting  its  Business 
Continuity  Plan,  which  lets  cus¬ 
tomers  sign  up  for  extra  licenses 
one  month  at  a  time.  Customers 
can  add  as  many  users  as  desired 
up  to  the  capacity  of  the  Array 
SSL  VPN  box,  which  ranges  from 
500  to  64,000  users,  depending 
on  the  model. 

When  demand  for  more  licens¬ 
es  arises,  customers  just  start 
using  them  and  get  billed  at  the 
end  of  the  month.  A  burst  of 
1,000  users  would  cost  about 
$10,000,  the  company  says. 

Similarly,  Citrix  is  introducing 
See  Bird  flu,  page  16 


Pricing  switches 

Fast  Ethernet  outsold  Gigabit 
Ethernet  overall  in  2005,  but 
Gigabit  ports  in  chassis 
switches  outsold  Fast 
Ethernet  switch  blades  by 

50%. 


FOR  ONCE,  MANAGEMENT 
THAT  MAKES  THINGS  SIMPLE. 


The  IBM  eServer™  xSeries®  226  Express  helps  you  manage 
your  current  servers  from  a  single  console.  That’s  simple. 
And  together  with  Intel®  Xeon®  Processors,  the  x226  can 
help  meet  your  business  needs  now  and  as  you  grow. 
That’s  smart.  The  x226  can  even  alert  you  to  potential 
hard  drive  problems  up  to  48  hours  in  advance.  With  IBM, 
innovation  comes  standard.  It’s  that  simple. 

IBM  eServer  xSeries  226  Express 

Great  for  file,  print,  remote  office,  and  collaboration. 

From  $919 

Up  to  two  Intel®  Xeon®  Processors  3.40GHz  2MB  L2  Cache 
IBM  Director  monitors  the  system  and  provides  alerts 
Up  to  16GB  PC2-3200  DDR  II  memory 
Up  to  1.8TB  Hot  Swap  SCSI  storage 
Limited  warranty:  up  to  3  years  on-site' 


Xeon 


inside 


IBM  eServer  xSeries  236  Express 
From  $2,005 

IBM  Financing  Advantage  only  $63/month2 


IBM  eServer  xSeries  346  Express 
From  $2,025 

IBM  Financing  Advantage  only  $64/month2 


Up  to  two  Intel®  Xeon®  Processors  3.80GHz  2MB  Up  to  2.7TB  using  300GB  Hot  Swap 
L2  Cache  SCSI  HDDs 


Light  Path  Diagnostics  pinpoints  hardware 
problem  areas 

Up  to  16GB  PC2-3200  DDR  II  memory 


Redundant  power  capable 
Limited  warranty:  3  years  on-site1 


Up  to  two  Intel®  Xeon®  Processors 
3.80GHz 

Two-way  2U  rack  server 
Up  to  16GB  DDR  II  memory 
using  8  DIMM  slots 


Predictive  Failure  Analysis  and  Light  Path 
Diagnostics  help  provide  easy 
identification  of  hardware  problems 

Limited  warranty:  3  years  on-site' 


RAID  Card.  At  no  extra  charge. 

Purchase  a  select  IBM  eServer  xSeries  Express  server  and  you  can  receive  a  RAID  upgrade  at  no  additional  charge.  Offer  is  good  for  a 
limited  time  only  and  subject  to  availability  on  the  following  systems:  x206m  Express,  x226  Express,  x236  Express,  and  x346  Express. 


ibm.com/systems/innovate30  1  866-872-3902  mention  104CE20E 


*AII  prices  are  IBM's  estimated  retail  selling  prices  as  of  April  17, 2006.  Prices  may  vary  according  to  configuration.  Resellers  set  their  own  prices,  so  reseller  prices  to  end  users  may  vary.  Products  are  subject  to  availability.  This  document 
was  developed  for  offerings  in  the  United  States.  IBM  may  not  offer  the  products,  features,  or  services  discussed  in  this  document  in  other  countries.  Prices  subject  to  change  without  notice.  Starting  price  may  not  include  a  hard  drive, 
operating  system  or  other  features.  Contact  your  IBM  representative  or  IBM  Business  Partner  for  the  most  current  pricing  in  your  geography.  1.  IBM  hardware  products  are  manufactured  from  new  part's,  or  new  and  serviceable  used  parts. 
Regardless,  our  warranty  terms  apply.  For  a  copy  of  applicable  product  warranties,  write  to:  Warranty  Information,  P.0.  Box  12195.  RTP.  NC  27709,  Attn:  Dept.  JDJA/B203.  IBM  makes  no  representation  or  warranty  regarding  third-party 
products  or  services,  including  those  designated  as  ServerProven  or  ClusterProven.  Telephone  support  may  be  subject  to  additional  charges.  For  on-site  labor,  IBM  will  attempt  to  diagnose  and  resolve  the  problem  remotely  before  sending 
a  technician.  On-site  'warranty  is  available  only  tor  selected  components.  Information  about  non-IBM  products  is  obtained  from  the  manufacturers  of  those  products  or  their  published  announcements.  IBM  has  not  tested  those  products 
and  cannot  confirm  the  performance,  compatibility,  or  any  other  claims  related  to  non-IBM  products.  Questions  on  the  capabilities  of  non-IBM  products  should  be  addressed  to  the  suppliers  of  those  products.  2.  IBM  Global  Financing 
offerings  are  provided  through  IBM  Credit  LLC  in  the  United  States  and  other  IBM  subsidiaries  and  divisions  worldwide  to  qualified  commercial  and  government  customers.  Monthly  payments  provided  are  tor  planning  purposes  only 
and  may  vary  based  on  your  credit  and  other  factors.  Lease  otter  provided  is  based  on  a  FMV  lease  ot  36  monthly  payments.  Other  restrictions  may  apply.  Rates  and  offerings  are  subject  to  change,  extension  or  withdrawal  without  notice. 
3.  Offer  subject  to  the  complete  terms  ot  the  IBM  eServer  xSeries  Express  server  and  RAID  promotion.  IBM.  the  IBM  logo.  eServer  and  xSeries  are  trademarks  or  registered  trademarks  ot  International  Business  Machines  Corporation  in 
the  United  States  and/or  otner  countries.  Intel,  Intel  Inside,  the  Intel  Inside  logo.  Intel  Xeon,  Xeon  Inside  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 
Microsoft  is  a  trademark  ot  Microsoft  Corporation  in  the  United  States,  other  countries,  or  both.  Other  company  product  and  service  names  may  be  trademarks  or  service  marks  of  others.  ©  2006  IBM  Corporation.  All  rights  reserved. 
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Microsoft 

continued  from  page  1 

called  this  “the  last  mile  of  pro¬ 
ductivity 

He  also  demonstrated  how  ser¬ 
vices  such  as  Windows  Live  Local, 
which  provides  maps,  could  be 
integrated  with  corporate  data  to 
aid  in  analysis  and  decision  mak¬ 
ing,  showing  how  Microsoft  plans 
to  remove  barriers  between  cor¬ 
porate  data  repositories  and  Web- 
based  information. 

The  demonstrations  provided 
some  of  the  deepest  insights  yet  as 
to  how  Microsoft  plans  to  link  cor¬ 
porate  software  with  Web-based 
services,  which  it  is  developing  to 
support  its  interest  in  the  lucrative 
online  advertising  market  domi¬ 
nated  by  Google  and  Yahoo. 


The  challenge  for  Microsoft  is 
making  the  transition  into  the 
Web  2.0  world  of  services  while 
keeping  such  services  from  mar¬ 
ginalizing  Microsoft’s  core  compe¬ 
tency  and  revenue  sources:  Win¬ 
dows  and  Office. 

To  do  that,  Microsoft  must  de¬ 
velop  its  Windows  Live  services  to 
grab  more  of  a  share  of  the  online 
ad  market,  which  Forrester 
Research  says  will  grow  to  $29  bil¬ 
lion  in  2009  from  $15  billion 
today 

“These  Windows  Live  services 
represent  the  first  across-the- 
board  investment  in  MSN  in  10 
years,”  says  Matt  Rosoff,  an  analyst 
with  Directions  on  Microsoft. 
“MSN  has  had  a  lot  of  services,  but 
they  have  never  been  integrated.  I 
think  Microsoft  was  waiting  to  see 


Software  targets 
internal  leaks 

BY  CARA  GARRETSON 

A  new  company  that  was  recently  spun  out  of  a  larger  software  maker 
this  week  will  announce  a  product  designed  to  protect  companies 
from  internal  security  and  information  leakage  threats. 

NextSentry  in  February  became  a  wholly  owned  subsidiary  of  Next  IT, 
makers  of  artificial  intelligence-based  software  designed  to  add  self- 
service  features  to  Web  sites,  which  has  been  used  to  help  government 
agencies  track  illegal  activity  over  the  Internet.  In  June,  NextSentry  will 
release  ActiveSentry,  which  uses  artificial  intelligence  to  learn  an 
employee’s  role  within  an  organization  to  determine  when  that  employ¬ 
ee  may  be  violating  company  policy  says  CEO  Jim  Hereford. 

The  company  is  targeting  the  financial  industry  with  this  release,  but 
plans  to  expand  the  product  in  future  releases  to  protect  intellectual 
property,  medical  information  and  other  types  of  sensitive  data,  he  says. 

The  desktop  software  monitors  employee  actions  for  distribution  of 
sensitive  information  via  e-mail,  instant  messaging,  blog  postings,  file 
transfers,  printouts  or  saving  to  removable  storage  devices.The  software 
is  based  on  a  context-based  engine  called  ContextIQ  that  aims  to 
understand  a  user’s  intent;  for  example, a  user  cutting  and  pasting  bank 
account  information  from  one  banking  application  to  another  would 
appear  normal  to  the  software,  but  cutting  and  pasting  such  informa¬ 
tion  into  a  Web  browser  could  raise  a  flag. 

“Banks  have  spent  a  lot  of  time  and  energy  solidifying  the  external 
perimeter  from  the  security  perspective,  but  the  second  piece  of  that  is 
the  internal  part,”  says  Jim  Brockett,  senior  vice  president  and  CIO  of 
Washington  Trust  Bank,  which  has  $3  billion  in  assets  and  900  employ¬ 
ees.  His  company  has  been  using  ActiveSentry  for  about  a  year,  from 
when  the  product  was  owned  by  Next  IT, and  says  when  he  began  look¬ 
ing  for  such  a  product,  it  was  the  only  one  he  found. 

Today  NextSentry  competes  with  a  few  other  vendors,  including 
Oakley  —  another  start-up  with  roots  in  the  government  sector  —  and 
Vericept. 

ActiveSentry  includes  a  management  dashboard  so  administrators 

can  install  and  uninstall  the  soft¬ 
ware  on  desktops  without  detec- 
tion,  as  well  as  manage  policies 
uLuUKI  I  I  and  create  reports.  ActiveSentry  is 

Subscribe  to  our  free  newsletter.  priced  starting  at  $50,000  for  a  typ- 
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Crossing  the  divide 


Microsoft  believes  the  future  of  computing  will  come  down  to 
a  combination  of  software  and  services  that  will  lead  end 
users  to  the  information  they  need  and  enable  them  to  act  on 
that  data.  Here  are  some  of  the  software  and  services  the 
company  is  working  on. 


Software/services 


Availability 


SharePoint  Server 
2007 


Centerpiece  of  collaboration  strategy 
and  hub  for  corporate  search  services. 


Ships  later  this  year 
with  Office  2007  to 
corporate  customers. 


Windows  Live 
Search 


Internet-based  search  services  slated 
to  become  Microsoft's  single  search 
interface. 


beta 


Windows  Live  Local 


Services  for  maps,  satellite  photos, 
being  used  by  some  to  integrate  with 
corporate  software. 


In  beta 


what  MSN  would  become,  but 
now  they  have  seen  how  Google 
and  Yahoo  have  grown.” 

Getting  up  to  speed  and  tying 
services  into  its  corporate  soft¬ 
ware  won’t  come  cheap.  Last 
month,  Microsoft  CTO  Ray  Ozzie, 
who  is  orchestrating  the  compa¬ 
ny’s  services  strategy,  told  Fortune 
magazine  that  executing  the  strat¬ 
egy  will  cost  “staggering”  amounts 
of  money  including  technology 
and  infrastructure  investments. 
Ozzie  also  told  the  magazine  that 
while  the  economic  benefits  of 
online  advertising  are  obvious, 
how  the  economic  model  applies 
to  the  enterprise  market  is  not. 

Microsoft  has  introduced  nearly 
20  Windows  Live-branded  services 
since  November,  many  of  which 
are  makeovers  of  existing  MSN  ser¬ 
vices,  or  knockoffs  of  Google  or 
Yahoo  offerings,  or  those  of  com¬ 
panies  Microsoft  has  acquired. 

What  else  is  expected? 

Earlier  this  month,  Microsoft 
publicly  launched  adCenter, 
which  is  used  to  build  online  ad 
campaigns  and  mimics  Google’s 
AdSense  and  similar  technology 
used  by  Yahoo.  In  addition, 
Microsoft  recently  acquired 
DeepMetrix,  a  Web  traffic  analyt¬ 
ics  firm,  and  plans  to  incorporate 
its  product  into  adCenter  and 
other  online  services  much  the 
way  Google  has  done  with  its 
Google  Analytics  tool. 

Microsoft  also  plans  additional 
funding  for  its  online  advertising 
campaign,  which  will  rely  on 
Windows  Live  to  deliver  targeted 
ads  to  users. 

The  company  plans  to  spend 
$1.5  billion  of  its  $2.3  billion 
increase  in  R&D  next  year  on 
developing  services  and  compet¬ 


ing  with  Google,  according  to  a 
May  4  research  note  by  Charles 
DiBona,  an  analyst  with  invest¬ 
ment  research  and  management 
firm  Sanford  C.  Bernstein. 

The  move,  announced  April  27, 
so  shocked  Wall  Street  that  it 
spurred  an  overnight  reduction  of 
$3.10  in  Microsoft’s  stock,  which 
last  week  was  down  an  additional 
$1.25  to  $22.90.  Microsoft  is  the 
second-worst-performing  stock  in 
the  Dow  Jones  Industrial  Average 
this  year. 

Microsoft’s  R&D  investment  is 
designed  to  pull  it  out  from 
behind  Google  andYahoo,the  No. 
1  and  No.  2  companies  in  online- 
based  advertising  dollars.  Micro¬ 
soft  CEO  Steve  Ballmer  said  two 
weeks  ago  that  effort  would  likely 
take  five  years  or  more. 

The  next  step  for  Microsoft  will 
be  to  pull  in  its  massive  consumer 
base  and  corporate  customers 
searching  for  improvements  in 
collaboration  and  business  intelli¬ 


gence  tools. 

“Microsoft  is  trying  to  put  to¬ 
gether  services  that  enhance  the 
value  of  Windows,”  says  Joe 
Wilcox,  an  analyst  with  Jupiter 
Research.  “In  some  ways,  it  is 
almost  like  Microsoft  is  trying  to 
bundle  the  Internet  with  Windows 
through  Windows  Live  and  then 
do  to  Google  what  it  did  to 
Netscape  through  the  browser 
and  Windows.”  ■ 


nww.com 

Networking  job  search 

Search  for  your  next  job  on  nww.com 
using  our  job  search  engine,  powered  by 
Indeed.  The  job  search  engine  aggre¬ 
gates  jobs  recently  posted  to  job  boards, 
company  Web  sites,  associations  and 
recruiter  sites. 

www.nwdocfinder.com/2450 


Bird  flu 

continued  from  page  14 

GoToMyPC  Corporate  licensing  that  lets  users  access 
their  corporate  PCs  directly  from  remote  computers. 
Customers  pay  upfront  to  reserve  the  right  to  turn  on 
extra  licenses  then  pay  an  additional  fee  if  they  do. 

It  costs  $8,000  to  reserve  200  emergency  licenses, 
which  allows  customers  to  install  the  GoToMyPC 
clients  on  corporate  PCs  for  one  year.  That’s  about 
$40  per  seat.  If  they  start  using  the  software,  they  pay 
an  additional  $12  per  seat,  per  month.  Citrix  says  this 
costs  about  a  quarter  of  what  it  would  cost  to  buy 
standard  GoToMyPC  licenses. 

Positive  Networks’ VPN  service  requires  no  special 
customer  hardware  and  can  be  reserved  for 
between  50  cents  and  $2  per  user,  depending  on  the 
number  of  users.  If  the  service  is  turned  on,  it  costs 
$10  per  user, per  month.Through  the  end  of  June, pre¬ 


provisioning  the  emergency  service  is  free. 

Such  deals  can  save  money,  but  there  are  other 
things  businesses  can  do  to  save.  For  instance, 
remote  workers  can  collaborate  with  each  other,  des¬ 
ignating  only  one  member  of  a  group  to  connect  to 
the  corporate  network,  says  Alan  Shark,  executive 
director  of  Public  Technology  Institute,  a  nonprofit 
technology  adviser  to  3,000  state  and  local  govern¬ 
ments.  “You  could  have  one  person  log  in  [and 
access  resources]  for  others.  You  don’t  necessarily 
need  100%  redundant  systems,”  he  says. 

Also,  bird  flu  preparedness  could  be  viewed  as  an 
opportunity  to  buy  technology  such  as  collaboration 
tools  that  would  improve  productivity  during  normal 
times  but  help  keep  business  running  in  emergen¬ 
cies,  says  Steve  Borsch,  president  of  Marketing 
Directions.“You  can  look  at  the  contingency  system 
as  something  that  has  an  upside  —  an  ROl  of  its 
own,”  Borsch  says.  ■ 


amdd 


©  2006  Advanced  Micro  Devices.  Inc.  All  rights  reserved.  AMD,  the  AMD  Arrow  logo,  AMD  Opteron.  and  combinations  thereof,  are  trademarks  of  Advanced  Micro  Devices,  Inc. 


You  could’ve 
hire1  250  engineers, 
570  IT  su  port 
people,  5,235  int»  ■'ns, 
and  one  n  510 


with  the  amount  of  money  wasted  by 
non-AMD  powered  servers. 


How  long  have  you  been  putting  up  with  servers  that  waste  power  waste  money,  and  thanks  to  slow  performance  waste 
everyone's  time?  Now  you  can  make  your  data  center  the  coolest  room  in  the  building  without  replacing  your  existing 
power  and  cooling  envelope.  AMD  Opteron™  processor-based  servers,  on  the  other  hand,  are  designed  to  run  efficiently, 
run  cool,  and  thanks  to  dual-core  technology  deliver  increased  performance. To  learn  more  about  maximum  performance, 
cost  savings,  and  the  power  of  cool  visit  www.amd.com/lessenergy 
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so  that  only  your  employees  can  access  it? 

\  JhI  *  -  '  'Iglg  -  V'VC'  ! 

Yes.  Choose  Nortel.  We  provide  safe,  secure,  and  reliable  data  and  voice  communications 


all  over  the  world,  including  support  for  100  million  remote  workers  every  day. 
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Business  Made  Simple,  Nortel,  the  Nortel  logo,  and  the  Globemark  are  trademarks  of  Nortel  Networks. 
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Security  expert 
recommends 
net  diversity 


Eugene  Spafford,  one  of  the  nation  s  leading  experts 
on  information  security,  is  director  of  the  Center  for 
®  Education  and  Research  in  Information  Assurance 

and  Security  at  Purdue  University.  Network  World  Senior  Editor  Carolyn 
Duffy  Marsan  recently  sat  down  with  Spafford  at  his  West  Lafayette,  Ind., 
office  to  talk  about  the  latest  security  threats  and  what  network  execu¬ 
tives  can  do  to  mitigate  them.  Here  are  excerpts  from  their  conversation: 


What  do  you  see  as  the  top  three  information  security  threats  that  are  most  likely  to  hit 
U.S.-based  multinationals? 

One  of  the  biggest  threats  we  have  right  now  is  deployment  of  resources 
intended  either  to  save  on  cost  or  enhance  features  without  thinking  through  the 
consequences. VoIP  and  wireless  fall  in  this  category. They  have  failure  modes  that 
are  very  different  than  what  they  are  replacing  and  are  not  well  understood. 
Perceived  cost  advantages  are  driving  these  technologies,  but  that  is  overcoming 
the  caution  that  should  be  in  place.That’s  a  threat  not  in  the  sense  of  a  particular 
attack,  but  it  is  a  systemic  problem  that  leads  to  weakness  in  security  posture  and 
therefore  may  lead  to  attacks. 

A  second  threat  is  a  softening,  if  not  disappearing,  of  the  network  perimeter.  For 
a  long  time,  we  were  able  to  get  some  semblance  of  securing  the  enterprise  by 
establishing  firewalls  and  [demilitarized  zones]  and  maintaining  the  somewhat 
guarded  perimeter.  Now  with  BlackBerries,  PDAs,  wireless,  executives  traveling 
and  using  the  Internet  in  hotel  rooms,  and  people  with  VPN  access  from  home 
systems,  the  perimeter  is  an  illusion.  But  security  policies  and  technologies  have 
not  kept  up  with  that  change.  A  big  vulnerability  in  many  environments  is  that 
you  still  have  policies  and  people  viewing  the  enterprise  as  protected  with  a  fire¬ 
wall,  and  that’s  simply  not  the  case. 

A  third  threat  is  an  over-reliance  on  a  small  set  of  suppliers.  We  have  too  many 
enterprises  that  have  everything  running  on  the  same  hardware,  the  same  operat¬ 
ing  system,  the  same  database,  the  same  network  routers.  Even  their  security  sys¬ 
tems  are  from  one  vendor.  I  don’t  mean  to  pick  on  a  particular  segment  of  the 
market  or  a  particular  vendor,  but  we  see  this  homogeneity  up  and  down  the 
stack.The  difficulty  this  brings  is  that  the  whole  organization  can  fall  with  a  weak¬ 
ness  or  failure  of  one  platform  type.That’s  very  bad  from  an  operational  security 
point  of  view. This  trend  is  driven  by  cost  and  convenience,  but  people  simply 
aren’t  thinking  about  the  potential  cost  of  dealing  with  a  disaster.  Not  having 
diversity  in  place  applies  to  everything  from  viruses  to  break-ins  to  denial  of  ser¬ 
vice  to  potentially  even  bad  bugs  and  vendor  failure. 


What  steps  should  IT  executives  take  to  minimize  these  threats? 

With  any  new  technology,  there  should  be  a  thorough  understanding  of  the 
risks  and  the  trade-offs.  Some  network  systems  are  more  fragile  in  the  case  of  a 
fire  or  water  main  break  than  a  similar  twisted-pair  telephone  network.Those 
kinds  of  things  need  to  be  understood  as  risks  before  someone  deploys  the  tech¬ 
nology  That  simply  isn’t  being  done  in  many  environments.  IT  executives  have  to 
understand  the  risks  extend  outward  beyond  their  enterprises  when  they’re  talk¬ 
ing  about  these  things,  because  they  are  infrastructure  issues. 

Regarding  the  disappearance  of  the  network  perimeter,  they  have  to  change 

their  mind-sets  to  protecting  the  individual 
hosts  or  to  building  well-defined  enclaves.The 
whole  enterprise  is  no  longer  an  island;  it’s  an 
archipelago  of  islands  that  need  to  be  pro¬ 
tected  individually,  even  down  to  the  single¬ 
machine  level. This  means  that  you  have  to 

See  Spafford,  page  20 


I  Read  more  questions  from 
the  interview  at  www.nwdoc 
finder.com/3548. 


ANNOUNCING  THE 
SECURE  ROUTER 
PORTFOLIO  BUILT 


FOR  CONVERGENCE. 
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Spafford 

continued  from  page  19 

treat  all  of  those  machines  as  outside  your 
perimeter  for  purposes  not  only  of  protecting 
them  but  of  protecting  your  other  machines 
from  them.  So  when  somebody  comes  back 
in  with  a  laptop  after  they’ve  been  off-site, 
you  can’t  trust  it  simply  because  it’s  a  com¬ 
pany-issued  laptop  unless  you  have  applied 
specific  control  measures.This  mode  of  think¬ 
ing  has  to  go  down  to  the  individuals  who  are 
using  the  systems. 

For  the  homogeneity  threat,  even  though  it 
is  contrary  to  some  cost-containment  mea¬ 
sures  and  may  increase  the  need  for  training 
or  personnel,  there  should  be  some  level  of 
diversity  in  every  infrastructure  that’s  consid¬ 
ered  critical. This  includes  servers  and  routers 
and  other  appliances.This  helps  ensure  that 
some  of  your  infrastructure  will  be  main¬ 
tained  so  that  you  can  send  and  receive 
e-mail  and  surf  the  Web  even  if  one  of  your 
common  configurations  is  completely  blown 
away  by  some  kind  of  attack  or  some  kind  of 
bug.  It  also  limits  internal  damage  if  some¬ 
thing  gets  into  your  systems.  It  can’t  sweep 
through  everything.  Also,  the  fact  that  you 
have  a  trained  employee  on  different  kinds  of 
architectures  means  that  you’re  more  nimble 
to  take  advantage  of  advancements  because 
you  are  not  locked  into  a  particular  solution. 
There’s  a  business  advantage  in  the  longer 
term  to  having  some  diversity  in  place. 

What's  the  worst-case  scenario  for  a  U.S.  multi¬ 
national  company? 

I’m  not  sure  I  can  actually  say  what’s  the 
worst  case  from  an  information  security  point 
of  view.  But  something  that  would  be  bad 
would  be  an  unobserved,  automated  attack 
that  gets  into  the  enterprise  and  because  of  a 
lack  of  internal  controls  or  because  of  net¬ 
work  homogeneity  sweeps  through  the  enter- 
prise.The  attack  might  slowly  corrupt  the  data 
on  a  lot  of  machines  so  it  isn’t  observed  right 
away  and  you  can’t  depend  on  yesterday’s 
backups  to  help.  Or  it  might  do  a  massive  ex¬ 
filtration  of  data  such  as  company  proprietary 
information,  budgetary  information,  or  it  vio¬ 
lates  privacy  issues.  Or  the  attack  coordinates 
some  kind  of  massive  denial-of-service  or 
spam  attack  against  a  government  or  a  major 
industry  partner  and  causes  them  significant 
economic  damage  that  they  are  forced  to  try 
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to  recover.  All  of  those  things  would  be  very 
bad  and  could  occur  altogether. The  only 
solution  is  to  get  a  patch  and  shut  down 
everything  in  the  company  and  bring  it  back 
online.  For  most  organizations,  this  scenario 
would  be  catastrophic  in  terms  of  the  extent 
of  the  damage.  If  you  add  to  the  fact  that  the 
systems  may  have  corrupted  data,  disclosed 
data  or  brought  harm  to  an  external  entity 
that  is  going  to  want  some  kind  of  recom¬ 
pense,  this  would  be  a  pretty  grim  scenario. 

“Insiders  may  not  be  the 
biggest  source  of 
threats,  but  they  can 
cause  the  most  potential 
damage.” 

Are  there  any  steps  that  an  IT  executive  can  take  to 
prevent  this  type  of  catastrophe? 

With  network  diversity  they  won’t  have  to 
reboot  the  entire  enterprise.  In  fact,  if  they 
have  diversity  and  appropriate  alarms  in 
place,  they  may  detect  the  attack  sooner.  For 
example,  if  there’s  a  computer  worm  that 
attacks  Linux  systems  and  you  are  monitoring 
with  a  Microsoft  system,  you  may  detect  the 
worm  far  sooner  than  if  everything  is  on  a 
Linux  system.  Anytime  you  can  detect  an 
attack  faster  or  respond  more  quickly  it  is 
going  to  help.  Planning  can  help.  Even  if  only 
25%  or  20%  of  machines  fall  victim,  how  do 
you  detect  them?  How  do  you  get  the  patches 
in  place?  How  do  you  do  restores  and 
reboots  while  maintaining  any  type  of  conti¬ 
nuity?  That  type  of  planning  is  very  helpful. 

What's  the  bigger  threat  insiders  or  outsiders? 

That  depends  on  the  business  and  what’s  of 
value  on  the  systems.  Insiders  already  have 
access  and  know  what  would  hurt  the  most. 
Disgruntled  employees  can  cause  a  lot  of 
hurt  or  they  can  steal  a  lot.  Employees  also 
can  be  the  ones  who  carelessly  change  set¬ 
tings  that  allow  outsiders  in.  In  that  sense, 
insiders  are  the  biggest  complication.  Insiders 
may  not  be  the  biggest  source  of  threats,  but 
they  can  cause  the  most  potential  damage. 

The  threat  from  the  outside  is  growing.  More 
criminal  activity  is  occurring  on  the  network, 
and  we  don’t  have  a  corresponding  increase 
in  law  enforcement  to  keep  up  with  it. We’re 
seeing  more  politically  motivated  activity 
Some  of  it  is  vandalism,  but  quite  a  bit  of  it  is 
economically  motivated  industrial  espionage. 
Online  clothing  retailers  are  unlikely  targets 
for  that,  but  a  big  aerospace  company  or 
pharmaceutical  company  is.  Everybody  has 
to  worry  about  the  insider  threat.The  outsider 
threat  is  different  for  different  companies. 

What's  the  worst  security  incident  you've  wit¬ 
nessed  in  the  course  of  your  career? 

It  was  an  insider  attack.  It  was  a  criminal 
matter.  I’m  not  sure  whether  it  was  prompted 
by  anger  or  greed.  But  it  involved  an  em¬ 
ployee  making  off  with  a  copy  of  very  valu¬ 


able  proprietary  information  for  the  industry 
and  taking  it  to  the  competition. The  com¬ 
pany’s  own  copies  of  the  information  were 
badly  damaged  so  they  couldn’t  be  com¬ 
pletely  replaced. The  incident  leaked  within 
the  small  circle  of  that  industry  so  there  was 
damage  to  business  relationships.  It  was  a 
technical  person  that  did  the  damage.This 
was  many  years  ago. The  company  went 
through  some  hard  times. 

How  has  the  situation  with  network  security 
changed  during  the  last  10  years  from  the  point  of 
view  of  the  chief  security  officer  developing  policy 
and  working  with  the  CIO? 

One  of  the  major  changes  is  increased 
speed.  More  can  come  into  your  network  or 
go  out  in  a  shorter  amount  of  time,  and  there¬ 
fore  you  have  less  time  to  react.  A  second 
change  is  the  scope  within  an  enterprise 
where  the  network  reaches.Ten  years  ago,  we 
didn’t  have  anywhere  near  the  number  of 
desktop  systems,  wireless  was  not  a  concern, 
and  VoIP  was  not  considered.  Now  we  have 
all  kinds  of  devices  that  we  have  to  worry 
about.Third,the  motivations  of  those  who 
would  attack  our  systems  have  moved  from 
exploration  and  bravado  pretty  firmly  into 
the  realm  of  criminal  activity  Finally  10  years 
ago  we  were  seeing  targeted  attacks  such  as 
getting  into  accounts  or  getting  into 
machines.  Now  we’re  seeing  more  broadly 
based  denial  of  service, spam,  botnet,  adware 
and  spyware  kinds  of  attacks  that  don’t  so 
much  focus  on  gaining  access  as  they  do  on 
affecting  wide-scale  capacity. 

What  grade  would  you  give  to  U.S.  multinationals  in 
terms  of  information  security? 

Most  of  the  big  multinationals  are  probably 
at  least  in  the  B  range.  Aerospace,  banks,  phar¬ 
maceuticals,  tend  to  be  good,  as  are  some 
online  merchants.  I’m  told  that  the  Internet 
gambling  sites  are  incredibly  good  because 
their  whole  livelihood  has  to  be  protected. 
Government  agencies  in  the  United  States  are 
not  particularly  good.  Universities,  charities 
and  state  governments  are  all  pretty  bad. 

What  is  the  next  big  threat  that  worries  you  the 
most  and  why? 

A  threat  that  is  not  so  much  technology  as  it 
is  governance  is  the  trend  toward  preferential 
treatment  for  commercial  traffic.  Big  ISPs  and 
companies  are  installing  spam  filters  that 
block  traffic  from  other  countries,  companies, 
ISPs  or  domains.  It’s  effectively  a  breakdown 
of  the  end-to-end  model.You  cannot  depend 
on  your  e-mail  going  through.You’ve  got  some 
countries  setting  up  their  own  domain  roots. 
We’re  losing  the  underlying  commonality  that 
the  Internet  grew  on.  We’re  having  a  Tower  of 
Babel  moment  of  sorts.  It’s  ironic  that  one  of 
the  reasons  the  Internet  succeeded  is  its  lack 
of  centralized  control.  But  that  may  destroy 
the  other  thing  that  made  the  Internet  very 
attractive,  which  is  its  ubiquitous,  common 
access.  How  that’s  going  to  play  out  I  don’t 
know.  It’s  not  a  technology  issue,  but  it 
impacts  the  technology  in  a  major  way  ■ 
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Open  source  automates  college  net  security 


BY  JOHN  COX 

Network  managers  at  Middlebury 
College  in  Vermont  have  created  an 
open  source  application  that 
watches  entries  in  log  files,  analyzes 
them  and  triggers  actions  such  as  alert¬ 
ing  administrators, quarantining  a  user, or 
shutting  down  a  switch  port. 

The  application, dubbed  Privateye, auto¬ 
mates  a  large  chunk  of  network  security 
management  activities  by  exploiting 
capabilities  that  are  already  found  in 
common  applications,  including  firewalls 
and  intrusion-prevention  systems  (IPS), 
and  in  a  network  of  managed  switches. 

A  big  part  of  Privateye’s  appeal  is  its  rel¬ 
ative  simplicity.  Two  IT  staffers  at  the  col¬ 
lege  wrote  the  program  in  PHP  a  widely 
used  scripting  language. 

The  program  collects  information 
about  security  events  from  log  entries 
routinely  kept  by  such  systems  as  the 
campus  network  registration  applica¬ 
tion,  the  firewall  and  the  IPS.  A  set  of 
rules,  also  written  in  PHP  decipher  each 
event,  check  it  against  threshold  settings, 


and  carry  out  the  alerts  or  remedial 
actions  automatically 

Privateye  addresses  a  need  that  became 
apparent  when  the  college  installed 
Bradford  Networks’  Campus  Manager  reg¬ 
istration  application  and  an  enterprise 
IPS, says  Michael  Halsall,  network  security 
administrator  and  Privateye  co-author.  He 
declined  to  name  the  IPS  vendor. 

“After  the  first  day  of  getting  IPS  alerts, 
and  coordinating  the  IP  addresses  with 
people  and  their  machines  in  the  [Brad¬ 
ford]  registration  system,  that  got  old  real 
fast,”  he  says. 

Halsall  and  a  Middlebury  graduate  in¬ 
tern, Graeme  Connell,  wrote  Version  1.0  of 
Privateye,  essentially  a  log  parser  that  has 
three  basic  steps. 

First,  Privateye  receives  and  picks  apart 
inputs  from  such  applications  as  the  IPS, 
picking  up  each  new  entry  to  a  logfile  or 
from  a  central  logging  server.  Or  Privateye 
can  take  data  directly  from  a  raw  TCP 
connection  from  other  boxes,  Halsall 
says.  At  Middlebury,  other  data  feeds  are 
from  a  network  sniffer  program  and  the 


Security  automation 


Open  source  application  Privateye  plugs  into  Middlebury  College's  existing 
infrastructure  to  bolster  network  security. 


Intrusion- 

prevention 

system 


Managed  switch 
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D  Log  files  provide  event  data  to  Privateye. 


B  Application  strips  out  data,  checks  thresholds,  applies  rules. 

B  Based  on  rules,  scripts  execute  to  take  actions,  such  as  shutting  off  switch  ports,  or  direct  other 

applications  to  act. 


Campus  Manager.  Privateye  picks  these 
log  entries  apart,  separating  the  various 
data  inputs  into  appropriate  fields,  such 
as  severity  input  IP  address,  output  port 


and  user  name.  It  then  groups  and  counts 
the  entries,  factoring  in  a  time  variable. 
This  means  Privateye  can  be  pro- 

See  Privateye,  page  22 


Foundry  adds  Snort  to  LAN  switch 


Short  Takes 


8  Nokia  announced  last  week  it  has 
updated  the  operating  system  for  its 
Wi-Fi  Internet  tablet  device,  adding  sup¬ 
port  for  VoIP  and  instant  messaging. 

The  new  version  of  the  software  for 
Nokia’s  770  tablet  supports  Session 
Initiation  Protocol-based  VoIP  clients 
and  comes  preinstalled  with  Google 
Talk.  The  operating  system,  based  on 
Linux,  also  supports  instant  messaging 
clients  based  on  Jabber.  The  new  oper¬ 
ating  system  will  become  available  dur¬ 
ing  the  third  quarter. 

8  Extreme  Networks  CEO  Gordon  Stitt 
said  last  week  he  will  retire  by  year-end. 

He  will  remain  as  CEO  until  a  successor  is 
found,  after  which  he  will  become  chair¬ 
man  of  the  board  of  directors.  Stitt  has 
been  the  only  CEO  of  Extreme  since  the 
company  emerged  in  1996. 


BY  PHIL  HOCHMUTH 

In  July,  Foundry  Networks  is  expected  to 
make  available  an  upgrade  to  its  LAN 
switchAVAN  router  network  management 
software  that  adds  the  widely  used  open 
source  Snort  intrusion-detection  and 
-prevention  system  to  the  product. 

The  integration  of  Snort  into  Foundry’s 
IronView  Network  Manager  (1NM)  2.0 
could  help  customers  with  Foundry- 
based  LANs,  wireless  LANs  or  WANs 
detect  intrusive  network  traffic  and  block 
access  on  a  port  level. 

INM  is  Foundry’s  network-management 
and  device-configuration  tool,  which  runs 
on  Windows-based  servers.  The  software 

HIGH-SPEED  LANs 
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can  be  used  to  make  widespread  upgrades 
to  any  Foundry  device  on  a  network, as  well 
as  to  monitor  and  troubleshoot  Foundry 
gear. The  software  also  acts  as  an  sFlow  col¬ 
lection  node.  Foundry’s  sFlow  technology 
—  which  has  been  released  as  an  IETF 
standard  —  runs  on  all  Foundry  network 
products.  The  technology  is  embedded  in 
Foundry  hardware  and  lets  users  capture 
massive  amounts  of  packet  header  infor¬ 
mation  by  sampling  headers  from  traffic 
flows  and  forwarding  the  information  to  an 
sFlow  collector  —  an  INM  server. 

By  sampling  packet  headers,  instead  of 
just  mirroring  or  forwarding  all  packets  to 
an  inspection  device,  sFlow  lets  the 
switches  report  on  network  traffic  flows 
without  taxing  the  devices  or  adding  over¬ 
head  to  network  bandwidth. The  data  col¬ 
lected  from  sFlow-enabled  switches  can 


show  Layer  2-7  data,  such  as  a  packet’s  ori¬ 
gin  and  destination,  application  traffic 
type,  and  other  information,  and  give 
users  a  detailed  view  of  what  is  going  on 
in  various  traffic  flows  on  the  network. 

in  INM  2.0,  Snort  scans  through  packet 
headers  and  network  traffic  payloads  to 
identify  as  many  as  several  thousand 
known  attack  signatures  and  warning  signs 
of  a  network  intrusion  —  from  basic 
SYN/ACK  attack  methods  to  the  latest 
phishing  intrusions.  Running  Snort  on  the 
INM  server  lets  the  IDS/IPS  software  analyze 
traffic  on  virtually  every  Ethernet  and  WAN 
port  on  the  network,  Foundry  says,  because 
Snort  is  inspecting  sFlow  data,  which  is  a 
statistical  representation  of  all  traffic  flows. 

If  Snort  finds  a  match  to  an  attack  signa¬ 
ture  in  any  of  the  sFlow  data,  the  INM 
See  Foundry,  page  22 
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You  say  you  want  a  security  revolution 


Well, you  know  ...  I’m  not  much 
of  a  singer.  Just  ask  my  kids.  But 
the  old  Beatles  anthem  about  rev¬ 
olution  doesn’t  have  much  of  a 
place  in  today’s  network  and 
security  space.  Not  that  a  revolu¬ 
tion  isn’t  sometimes  needed,  but 
most  of  the  time  it’s  not  at  all  prac¬ 
tical.  That’s  why  the  word  of  the 
week  is  evolution. 

Most  of  us  are  employed  by  busi¬ 
nesses  that  do  stuff.  Maybe  you 
manufacture  things  or  heal  peo¬ 
ple  or  help  manage  the  finances 
of  folks.  I  don’t  know  much  (this 
time,  ask  my  wife),  but  if  your 
security  is  getting  in  the  way  of 
doing  the  things  that  pay  the  bills, 
the  security  manager  is  not  long 


for  this  world.  You  don’t  have  an 
option  to  bring  down  the  network 
for  any  length  of  time.  You  may 
have  a  couple  of  hours  here  and  a 
couple  there  (depending  on  the 
nature  of  your  business),  but  tak¬ 
ing  things  offline  for  days  at  a  time 
will  make  you  very  unpopular  in 
the  boardroom. 

I’m  going  here  because  in  my 
last  column  1  talked  about  “blow¬ 
ing  up  your  network,”  and  — 
despite  some  of  the  hype  back¬ 
lash  I’ve  heard  being  leveled  at 
network  access  control  (NAC) 
since  my  column  (see  www.nw 
docfinder.com/3559)  —  I  firmly 
believe  NAC  is  the  future  of  net¬ 
work  security.  What  I  didn’t  say 
was  that  you  could  get  there 
overnight.  If  you  have  more  than 
a  handful  of  users, your  key  word 
is  evolution. 

Revolutions  tend  to  be  bloody 
expensive  endeavors  involving  a 
lot  of  carnage.  Ultimately  we  usu¬ 
ally  wonder  what  was  accom¬ 
plished.  That’s  both  in  the  real 


world  and  within  our  networks. 
Your  job,  as  the  shepherd  of  infor¬ 
mation  protection,  is  to  put  in 
place  an  infrastructure  that  is 
highly  available  and  protects  pri¬ 
vate  information. You  need  to  do 
this  in  a  cost-effective  and 
nondisruptive  fashion.  Of  course, 
those  two  things  tend  to  be  at 
odds  with  each  other  at  times,  but 
that  is  the  goal. 

Though  it’s  pretty  rare,  revolu¬ 
tion  sometimes  does  make  more 
sense.  If  someone  drops  a  bag  of 
money  in  your  lap  —  or  your 
infrastructure  is  in  such  tatters 
there  is  no  way  to  get  there  from 
here  —  revolution  is  your  best 
option. You’d  be  well  advised  to 
roll  out  the  new  capabilities  on 
a  test  group  (that  includes  the 
CIO)  to  ensure  you  are  not  going 
to  affect  the  company’s  work- 
flow  adversely. 

The  first  time  a  sales  guy  can’t 
enter  in  a  big  order  because  his 
anti-virus  update  failed  and  he 
got  stuck  in  quarantine  jail, 


you’ll  know  what  I  mean.  Maybe 
this  is  obvious  to  you,  but  you’d 
be  surprised  at  how  many  folks 
do  things  without  properly 
managing  expectations  and 
without  a  fallback  position  if 
things  go  awry. 

For  everyone  else,  you  are 
looking  at  an  evolutionary  path 
to  NAC.  First  you  pick  the  low- 
hanging  fruit:  Protect  your  data 
center  and  your  mobile  profes¬ 
sionals.  You  don’t  need  a  net¬ 
work  brain  transplant  to  do  this, 
because  it  can  be  accom¬ 
plished  with  some  simple  over¬ 
lay  NAC  devices. 

The  data  center  is  an  easy  call. 
That’s  where  the  money  is,  so 
that’s  what  you  need  to  protect. 
Folks  coming  from  the  finance 
network  (or  in  the  finance 
group)  get  access  to  the  finance 
system.  Folks  in  janitorial  don’t. 
Likewise,  your  mobile  profession¬ 
als  are  most  likely  to  be  compro¬ 
mised,  because  they  hang  out  in 
some  unsavory  places  (such  as 


coffee  shops  and  hotels).  Making 
sure  they  are  not  polluted  before 
entering  is  pretty  important  also 
and  can  go  a  long  way  toward 
ensuring  that  one  infected 
device  doesn’t  become  many. 

Then  you  can  embark  on  a  cus¬ 
tomer-controlled  migration  for 
the  rest  of  the  network  fabric.You 
put  in  place  some  overlay  tech¬ 
nology  to  work  out  the  policy 
kinks  and  figure  out  how  dracon¬ 
ian  you  can  be.  Incrementally, 
when  your  budget  frees  up  or 
devices  fail,  you  can  upgrade  to 
something  a  bit  shinier  and  with 
the  built-in  security  capabilities 
you  are  looking  for.  It’s  unlikely 
you’ll  get  there  overnight. But  you 
will  get  there. 

Rothman  is  president  and  princi¬ 
pal  analyst  of  Security  Incite,  an 
analyst  firm  focusing  on  informa¬ 
tion  security.  Read  his  blog  at 
http: //feeds,  feedburner.  com/secu 
rityinciterants  or  send  e-mail  to 
mike,  rothman  @securityincite.  com. 


The  “s”  in  sHow  is  now  Snort 


Foundry  Networks'  Iron  View  Network  Manager  (INM)  2.0  now  runs  Snort,  along 
with  Foundry  LAN  switch  management  and  control  software. 
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The  INM  server  aggregates  sFlow  data  collected  on  all  Foundry  network  devices. 


B  The  Snort  software  running  on  the  INM  server  analyzes  the  sFlow  data  —  which  is  like  fingerprints  or  other 
forensic  evidence,  showing  who  has  been  on  the  network  and  what  they  were  doing. 


B  If  Snort  sees  traffic  patterns  or  evidence  of  rules  being  broken,  the  I 
LAN  switch  to  block  user  access. 


server  sends  a  command  to  the 


Foundry 

continued  from  page  21 

server  is  programmed  to  take  several 
actions.  An  alert  can  be  sent  to  adminis¬ 
trators  via  INM’s  e-mail  alerting  tool.  Snort- 
enabled  INM  servers  can  be  configured  to 
isolate  suspicious  traffic  flows  onto  a 
secure  network  segment,  using  virtual  LAN 
technology. 

The  amount  of  bandwidth  available  to  a 
user  whose  activity  is  detected  by  Snort 
aLso  can  be  squeezed  down  through  rate- 
limiting  features  in  Foundry  ASICs,  or  the 
port  can  be  blocked  completely  Release 


2.0  will  be  available  in  July  for  $10,000, 
Foundry  says. 

Salem  Community  Hospital  in  Ohio,  runs 
a  complete  Foundry  LAN  infrastructure 
and  uses  INM  to  manage  and  configure  all 
the  gear.  Brian  Cartwright,  network  adminis¬ 
trator  at  the  hospital,  says  he  likes  the  cen¬ 
tralized  administration  features  of  INM,  as 
well  as  its  built-in  sFlow  collection  capabil¬ 
ities.  Having  Snort  built  into  INM  2.0  will  be 
helpful,  he  says,  because  the  hospital 
already  runs  Snort  on  a  separate  server, 
which  is  just  one  more  device  taking  up 
room,  electrical  power  and  network  band¬ 
width  on  the  LAN.  ■ 


Privateye 

continued  from  page  21 

grammed  to  act  when  a  threshold  has 
been  crossed  —  five  occurrences  of  an 
event  in  five  minutes,  for  instance. 

At  this  point,  Privateye  takes  the  second 
step  of  applying  a  list  of  rules  to  the  entry 
groups.  These  are  written  in  PHP  and  use 
an  if-then  methodology:  If  X  is  present, 
then  doY 

In  the  third  step,Privateye’s  scripts  contact 
an  application  to  take  action,  or  telnet  to  a 
firewall  and  instruct  it  via  Perl  script  to 
block  an  IP  address  or  contact  a  managed 
switch  to  flip  a  PC  to  a  quarantine  virtual 
LAN  (VLAN)  called  the  Penalty  Box. 

A  good  example  of  Privateye  in  action  at 
Middlebury  is  how  it  manages  the  chronic 
problem  of  botnets,  which  are  created 
when  malicious  code  infects  computers, 
allowing  them  to  be  used  by  an  attacker. 

A  student  gets  a  spoofed  AOL  instant 
message  containing  a  Trojan  that  enlists  his 
PC  in  a  botnet.  Middlebury’s  IPS  sees  the 
infection  and  creates  an  alert.  Privateye  col¬ 
lects  the  alert, processes  it  through  the  rules 
base,  and  does  a  lookup  on  Campus 
Manager  to  associate  user  ID  with  IP 
address  and  media  access  control  address. 

Privateye  then  sends  an  SNMP  trap  to 
Campus  Manager,  which  flips  the  PC  into  a 
quarantine  VLAN,  creates  an  explanatory 
Web  page  for  the  PC  user  and  notifies  the 
campus  help  desk. All  this  activity  and  data 
are  recorded  in  Privateye’s  MySQL  data¬ 
base,  which  is  open  to  network  administra¬ 


tors  and  the  help  desk,  allowing  staff  to 
work  with  the  user  to  disinfect  the  com¬ 
puter,  update  security  patches  and  soft¬ 
ware,  and  release  the  PC  from  quarantine. 

In  the  past  this  was  an  entirely  manual 
process,  including  detecting  the  botnet 
infection.  Just  disinfecting  the  client  usu¬ 
ally  took  about  15  minutes.  In  the  first 
four  months  of  2006,  there  were  178 
machines  infected  by  botnet  activity. 
“Fifteen  minutes  times  178  machines 
adds  up,”  Halsall  says.  Now  botnet  detec¬ 
tion  is  almost  instantaneous,  and 
Privateye  largely  automates  the  entire 
process,  with  the  disinfecting  handled  in 
a  few  minutes  by  help  desk  staff. 

The  college  has  completed  Version  2.0 
of  Privateye,  which  among  other  things 
made  it  more  extensible  so  it  can  take 
inputs  from  other  applications,  and  added 
features  such  as  Boolean  logic  so  admin¬ 
istrators  can  create  more  complex  rules 
and  triggers. 

Privateye’s  source  code  and  information 
are  available  at  www.nwdocfinder.com 
/3522.  Users  need  a  thorough  understand¬ 
ing  of  their  network  infrastructure  and  the 
goals  they  want  to  accomplish  with 
Privateye,  Halsall  says.  A  managed  switch 
fabric  is  essential,  he  adds.  Privateye  works 
with  open  source  intrusion-detection  sys¬ 
tem  and  IPS  tools  such  as  Snort,  as  well  as 
the  big  commercial  IDS/IF’S  systems.  ■ 
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Wireless  fosters  ‘real  time’  mind-set 

Atlanta  tech  company  rolls  out  Cisco  WLAN  and  sees  growing  culture  of  multitasking  collaboration. 


BY  JOHN  COX 

Wireless  connectivity  is  changing  the 
business  mind-set  at  EMS  Technologies. 

Employees  at  the  Atlanta  company  now 
expect  to  connect  to  corporate  data  and 
applications  wherever  they  are  and  when¬ 
ever  they  need  to.  That  means  decisions  at 
all  levels  can  be  made,  and  acted  upon, 
faster  than  ever. 

This  emphasis  on  real-time  decision¬ 
making  is  made  possible  as  a  company¬ 
wide  wireless  LAN  (WLAN)  and  Research 
in  Motion  BlackBerry  wireless  e-mail  hand¬ 
sets  become  more  prevalent,  enabling  a 
new  culture  of  multitasking  collaboration. 

“Expectations  have  changed,”  says 
Michael  Hancock,  manager  of  information 
technology  services. “People  used  to  be  sur¬ 
prised  that  we  had  wireless  LAN  access. 
Now,  they’re  surprised  if  we  don’t.” 

“They  expect  [now]  to  get  to  all  the  same 
resources  with  the  same  performance  as 
when  they’re  connected  to  a  wire,”  says 
John  Dunbar,  CIO  for  EMS. 

EMS  is  a  technology  company  that  had 
$310  million  in  revenue  in  fiscal  2005  from 
several  divisions.  Among  them  are  LXE, 
which  makes  a  range  of  rugged  wireless 
computers,  scanners  and  RFID  equipment; 
and  Defense  &  Space  Systems,  which  builds 


BY  SHELLEY  SOLHEIM,  IDG  NEWS  SERVICE 

In  one  of  the  first  executive  shake-ups  at 
Sun  since  Jonathan  Schwartz  stepped  in 
as  CEO  last  month,  the  company  last 
week  shuffled  those  who  head  the  server 
and  storage  units  and  consolidated  its 
server  businesses. 

Sun  combined  its  SPARC  and  x64-based 
server  groups  under  one  umbrella  group, 
now  called  the  Systems  Group,  and  tapped 
John  Fowler  as  executive  vice  president  of 
the  new  group.  Fowler  formerly  headed  up 
the  group  responsible  for  Sun’s  x64-based 
servers  that  use  AMD’s  Opteron  processors. 

David  Yen,  formerly  executive  vice  presi¬ 
dent  of  Sun’s  Scalable  Systems  Group, 


defense  electronics  for  wireless  communi¬ 
cations  and  electronic  warfare.  About  1,500 
employees  are  in  offices  and  manufactur¬ 
ing  sites  around  the  world. 

This  spring,  EMS  completed  its  rollout  of  a 
companywide  WLAN,  to  give  employees 
mobility  within  buildings  and  among 
offices,  and  to  give  visiting  business  part¬ 
ners  and  customers  secure  Internet  access. 

To  simplify  the  rollout  and  leverage  a  lean 
IT  budget,  Dunbar  focused  on  brands  and 
technologies  with  which  his  department 
was  familiar. “We  saw  the  big  benefit  of  this 
in  standardizing  on  hardware  and  soft¬ 
ware,”  he  says.  “That  made  it  more  secure, 
more  pervasive  and  gave  us  centralized 
administration.” 

The  WLAN  is  not  large,  but  it  is  spread 
throughout  the  company.  About  35  Cisco 
Aironet  1300  access  points  form  the  WLAN 
infrastructure,  which  is  managed  by 
Cisco’s  Wireless  LAN  Solutions  Engine.  In 
the  past,  some  divisions  deployed  Lucent 
access  points,  which  had  to  be  managed 
separately  by  an  administrator  logging  on 
to  each  one.  Because  the  new  WLAN  is 
small,  EMS  chose  not  to  go  with  Cisco’s 
WLAN  controller-based  architecture. 

For  authentication,  EMS  uses  the  Pro¬ 
tected  Extensible  Authentication  Pro- 


which  managed  the  company’s  SPARC- 
based  servers,  will  serve  as  executive  vice 
president  of  Sun’s  storage  group.  Last 
month  Sun  laid  off  about  200  people  from 
its  Scalable  Systems  Group. 

Separately,  HP  said  last  week  that  it  is 
consolidating  its  85  data  centers  into  six 
in  a  move  expected  to  cut  IT  spending 
by  $1  billion. 

The  move  is  part  of  a  massive  restructur¬ 
ing  led  by  CEO  and  President  Mark  Hurd 
that  involves  thousands  of  layoffs.  HP  will 
house  its  data  centers  in  Atlanta,  Houston 
and  Austin,  Texas.  Each  location  will  host 
two  sites  within  15  miles  of  each  other  that 
can  be  managed  centrally  ■ 


Doing  business  in  real  time 

How  to  get  the  most  from  wireless 

networks: 

•  Minimize  IT  support  issues  by  standardizing 
wireless  LAN  infrastructure,  security, 
management,  and  client  hardware  and  software. 

•  Plan  for  increased  user  support  with  an  expanded 
help  desk. 

•  Track  help  desk  calls,  create  FAQs  and  how-to 
commentaries  to  address  common  problems. 

•  Simplify  user  log  on  and  authentication  processes. 

•  Expect  employees  to  use  wireless  networks 
during  meetings  to  view,  check,  revise  and 
update  data,  and  to  schedule  and  collaborate 
in  real  time, 

tocol  (PEAP),  crafted  by  Cisco,  Microsoft 
and  RSA  Security.  PEAP  is  supported  in 
the  Cisco  access  points,  and  in 
Microsoft’s  Windows  XP  operating  sys¬ 
tem,  which  is  the  EMS  laptop  standard. 
The  authentication  process  via  a  RADIUS 
server  is  largely  automatic. 

In  the  past,  to  access  a  division-specific 
WLAN,  users  had  to  manually  enter  the  ac¬ 
cess  point  Service  Set  Identifier  and  an  en¬ 
cryption  key  just  to  associate  to  the  access 
point,  then  go  through  a  separate  VPN 
logon,  Dunbar  says. 

The  IT  group  has  created  a  separate  vir¬ 
tual  LAN  to  give  visitors  wireless  access  to 
the  Internet,  while  blocking  them  from  the 
EMS  backbone. 

About  one-quarter  of  the  workforce  has 
wireless  laptops,  while  about  100  senior 
executives,  sales  staff  and  field  service  tech¬ 
nicians  are  equipped  with  BlackBerry 
wireless  e-mail  handhelds,  linking  them  to 
the  EMS  Microsoft  Exchange  mail  server. 

“We  do  business  all  over  the  world,  and 
for  our  people  to  travel  to  our  offices  and 
customer  sites,  and  stay  connected  to  data, 
is  a  huge  productivity  gain,”  Dunbar  says. 

Jay  Grove,  senior  vice  president  and  gen¬ 
eral  manager  for  the  Defense  &  Space  Sys¬ 
tems  division,  remembers  sitting  in  on  proj¬ 
ect-review  meetings  when  he  first  arrived 
five  years  ago.  “My  first  review  had  30  peo¬ 


ple  in  a  room  all  day  with  500-page  books 
in  front  of  them,”  he  says. “The  most  recent 
one  was  14  people  with  about  10  laptops 
wirelessly  connected  to  the  ’Net.” 

The  division  has  recently  introduced  soft¬ 
ware  from  Solumina  that  manages  manu¬ 
facturing  work  and  quality  processes.  This 
data,  previously  on  paper,  is  now  online  and 
instantly  available  over  the  WLAN. 
“Managers  in  a  conference  room  can  ac¬ 
cess  Solumina  and  have  real-time  access  to 
what’s  happening  on  the  factory  floor;” 
Grove  says.  “I  don’t  think  we’ve  even 
scratched  the  surface  of  what  this  combi¬ 
nation  of  off-the-shelf  software  and  wireless 
access  can  do  for  us.” 

The  WLAN  and  the  BlackBerries  are 
changing  the  way  meetings  work.  “Once 
you  have  a  WLAN  in  place,  and  people 
start  using  it,  you  see  more  multitasking,” 
says  Kai  Figwer,  director  of  systems  inte¬ 
gration  with  LXE.“The  BlackBerries  make 
possible  more  real-time  interactions,  and 
they  document  a  chain  of  events  if  some¬ 
one  needs  to  understand  what  hap¬ 
pened.  I’m  seeing  people  use  instant 
messaging  and  e-mails  a  lot  more  in 
these  meetings.” 

“There  is  a  somewhat  old-school  belief 
that  if  you’re  in  a  meeting  and  people  are 
using  laptops  and  BlackBerries,  that 
means  they’re  not  paying  attention,  or 
they’re  rude,”  Grove  says.“Frankly,  if  you’re 
not  using  your  laptop  and  BlackBerry 
[today], you’re  not  keeping  up.  It  creates 
a  whole  different  environment:  We’re 
dealing  with  issues  right  there  by  going 
out  and  getting  the  data  and  getting 
actions  done.” 

These  activities  vindicate  Dunbar’s  stan¬ 
dardized  approach  to  wireless,  which  sim¬ 
plifies  the  user’s  experience  and  the  help 
desk’s  support  tasks.  Help  desk  staff  track 
the  most  common  sources  of  problems 
and  complaints  and  create  FAQs,  or  how¬ 
to  documents  for  users.Two  examples  are 
how  to  reset  passwords  and  how  to  access 
e-mail  remotely,  Hancock  says.  ■ 
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Webify  looks  to  manage  apps  services 


BY  JOHN  FONTANA 

Webify  this  week  plans  to  roll  out  insur¬ 
ance  industry-specific  application  compo¬ 
nents  and  a  platform  for  managing  service- 
oriented  business  applications. 

Webify  Fabric  4.0’s  components  give 
insurance  companies  a  set  of  prebuilt,  ser¬ 
vice-oriented  applications  they  can  deploy 
separately  or  use  as  components  of  multi¬ 
part,  composite  applications  that  Gartner 
calls  service-oriented  business  applications 
(SOBA).  Webify  Fabric  helps  users  assem¬ 
ble,  deliver  and  manage  SOBAs. 

Experts  say  Webify  Seec  Systems  and  Ten¬ 
fold  are  a  new  breed  of  application 
providers  delivering  components  instead 
of  monolithic  applications. 

“Ten  years  ago  these  guys  would  be  enter¬ 
prise  application  vendors,”  says  Ron 


Schmelzer,an  analyst  with  ZapThink.“Now 
they  are  service-oriented,  composite-appli¬ 
cation  vendors.  It  is  noteworthy  It  shows 
where  the  industry  is  headed.” 

Schmelzer  says  other  vendors,  includ¬ 
ing  Oracle  and  SAP  are  breaking  their 
application  logic  into  components 
instead  of  assembling  them  into  one 
massive  application. 

“The  days  of  coming  up  with  new 
applications  and  selling  multimillion- 
dollar  enterprise  applications  in  mono¬ 
lithic  blocks  —  I  think  those  days  are 
over,”  Schmelzer  says. 

So  does  Webify  The  company  is  focusing 
its  development  efforts  on  creating  appli¬ 
cation  components  tailored  to  specific 
industries.  Insurance  is  the  first  target  indus¬ 
try  in  what  will  be  a  model  of  pairing 
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■  SAP  will  use  HP’s  central  print- 
management  technology  to  enhance 
print  capabilities  across  its  applica¬ 
tions.  In  adding  HP's  print-  and  output- 
management  technology  to  its  Net- 
Weaver  integration  platform,  SAP 
aims  to  help  customers  define,  man¬ 
age  and  track  document  delivery  from 
a  single  source.  The  unified  interface 

is  designed  to  help  businesses  improve 
the  reliability  of  print  output,  optimize 
printer  use  and  increase  control  over 
enterprisewide  printing.  The  new  capa¬ 
bilities  will  be  available  in  June  to  cus¬ 
tomers  running  mySAP  Business 
Suite  applications  with  NetWeaver 
middleware. 

■  Business  Objects  plans  to  make  it 
easier  for  users  of  Google’s  Search 
Appliance  and  Desktop  software  to  find 
and  view  corporate  data  stored  in  its 
business  intelligence  systems.  Google's 
OneBox  presents  search  results  in  dif¬ 
ferent  forms  depending  on  their  nature 
or  source:  Weather  reports,  e-mail  mes¬ 
sages  and  purchase  requests  are  dis¬ 
played  differently.  Cisco,  Cognos  and 
Oracle  have  provided  software  modules 
for  searching  data  stored  in  their  appli¬ 
cations.  Business  Objects  plans  to  add 


a  module  for  searching  data  stored  in  its 
business  intelligence  systems,  including 
Crystal  Reports  and  Web  Intelligence 
documents.  It  also  will  support  similar 
search  features  in  Google  Desktop 
Enterprise  Edition,  a  version  of  Google’s 
application  for  indexing  and  searching 
documents  on  a  PC.  To  secure  corpo¬ 
rate  data,  the  enterprise  edition  lets 
administrators  limit  the  types  of  search 
that  can  be  performed  and  documents 
that  can  be  indexed.  Business  Objects 
expects  to  make  the  software  module 
available  this  month,  free  to  users  of 
Business  Objects  XI  Release  2  and  the 
Google  Search  Appliance  or  Google 
Desktop,  the  company  says. 

■  IBM  and  its  channel  partners  last 
week  teamed  with  SAP  to  sell  SAP’s 
All-in-One  software  package  to  small 
and  midsize  businesses  in  the  United 
States.  The  Global  Business  Services 
arm  of  IBM  will  serve  as  a  reseller,  with 
the  group's  channel  partners  eligible  to 
earn  a  fee  for  referring  opportunities  to 
SAP  and  the  company's  other  All-in- 
One  partners.  SAP  expects  to  bundle 
its  All-in-One  midmarket  software  with 
IBM’s  upcoming  release  of  its  DB2 
database,  code-named  Viper. 


Webify  Fabric  to  assemble  and  manage 
application  components  with  a  set  of 
starter  applications. 

One  insurance  application  in  Webify 
Fabric  4.0  is  the  New  Business  module, 
which  supports  risk  assessment,  underwrit¬ 
ing,  quote  processing  and  integration  with 
policy-management  systems.  The  Policy 
Lifecycle  module  supports  rules- 
driven  processing;  the  Claims  Lifecycle 
module  provides  claims  support,  fraud  pro¬ 
tection  and  routing;  and  the  Agency  and 
Partner  Services  module  supports  integra¬ 
tion  of  services  with  independent  agents 
and  other  insurance  firms.  The  modules 
include  prebuilt  transformation  engines  to 
convert  data  formats  from  back-end  sys¬ 
tems  to  XML  formats. 


Webify  Fabric  supports  the  insurance 
industry-specific  ACORD  XML  format,  and 
IBM’s  Insurance  Application  Architecture. 
The  software’s  components  include  life- 
cycle  management  tools  that  let  users 
assemble  services  into  business  applica¬ 
tions,  deploy  those  applications  and  man¬ 
age  them  based  on  performance  and  a  set 
of  defined  metrics. 

Inversion  4.0, Webify  has  added  a  multi¬ 
author,  multilocation  governance  service 
that  lets  users  work  in  a  distributed  envi¬ 
ronment.  Webify  Fabric  runs  on  any  Java  2 
Platform  Enterprise  Edition  application 
platform,  including  those  from  BEA 
Systems,  JBoss,  IBM  and  Oracle. 

Webify  Fabric  4.0  is  shipping  and  starts  at 
$250,000  for  an  entry-level  configuration.  ■ 


BMC  expands  reach 
of  configuration  product 


BY  DENISE  DUBIE 

BMC  Software  last  week  updated  its  con¬ 
figuration-management  database  technol¬ 
ogy  to  help  customers  collect  data  from 
back-end  systems  and  pull  data  from  dis¬ 
tributed  sources  more  easily  without  a  lot 
of  manual  effort. 

BMC  Atrium  CMDB  2.0  software  works 
with  other  BMC  applications  to  collect 
and  store  configuration  data  from  IT 
assets,  such  as  Web  and  application 
servers,  routers,  switches  and  user 
machines,  in  a  configuration  management 
database  (CMDB).  The  latter  is  a  reposi¬ 
tory  for  data  about  IT  assets  and  those 
assets’  dependencies  and  interrelation¬ 
ships,  according  to  the  Information 
Technology  Infrastructure  Library  (ITIL). 
1TIL  proposes  that  network  managers  who 
know  their  IT  assets,  how  those  assets 
relate  to  each  other  and  how  they  might 
have  changed  can  pinpoint  the  source  of 
an  IT  service  disruption  more  quickly. 

For  example,  if  an  application  is  per¬ 
forming  slower  than  preset  service  levels,  IT 
managers  use  data  in  Atrium  CMDB  2.0  to 
track  the  application’s  performance 
through  the  infrastructure  and  software 
components  supporting  it.  The  database 
includes  a  reconciliation  engine,  which  lets 


it  make  sense  of  data  input  from  many 
sources  and  model  the  one-to-one,  one-to- 
many  and  many-to-many  relationships  that 
exist  among  IT  components  that  now 
include  mainframe  systems. 

“Many  vendors  are  offering  tools  that  can 
map  the  dependencies  of  online  applica¬ 
tions,  but  it’s  not  long  before  customers 
realize  it’s  not  a  complete  picture,”  says 
Jean-Pierre  Garbani,  a  research  director  at 
Forrester  Research. “Application  dependen¬ 
cies  are  not  online  only.  Most  applications 
must  delve  into  back-end  databases  and 
other  systems.  With  this  release,  BMC  can 
show  the  relationship  of  the  online  appli¬ 
cations  to  those  on  the  distributed  network 
to  those  on  the  mainframe.” 

In  addition  to  its  expanded  reach  into 
mainframe  systems,  Atrium  CMDB  2.0  now 
supports  a  federated  database  model. 
Under  this  model  database  software  col¬ 
lects  data  from  many  sources  but  doesn’t 
have  to  store  it  all  in  one  monolithic  data¬ 
base.  A  federated  CDMB  has  a  centralized 
database  with  hooks  into  other  data 
sources;  IT  managers  are  not  required  to 
abandon  their  existing  databases  and 
move  configuration  data  to  another  server. 
This  support  makes  it  possible  for  data  to 

See  BMC,  page  28 


RISK  MANAGEMENT  FIRM  SOLVES 


DISASTER  RECOVERY 


When  everything  was  factored  in, 
we  estimated  that  centralizing  all 
application  servers  would  save  us 
close  to  $360,000  per  regional  office. 

Mitch  Nabors,  Quality  Built 


Quality  Built  was  committed  to  centralizing 
voice  and  data  applications  and  providing  real¬ 
time  data  replication  between  locations.  The 
builder  risk  management  firm  required  assur¬ 
ance  that  their  WAN  was  up  to  the  challenge. 

Quality  Built  is  the  largest  builder  risk  management  services  firm  in 
the  United  States,  providing  claim  services  to  all  types  of  construc¬ 
tion  environments  -  from  single-family  homes  to  luxury  high-rise  pro¬ 
jects.  The  company  has  worked  on  more  than  225,000  projects 
across  the  country,  representing  a  total  construction  risk  value  of 
$1 .01  billion  in  2005. 

“In  our  business,  terabytes  of  data  are  transferred  each  day  to 
clients  and  partners,  as  well  as  between  Quality  Built  facilities,”  said 
Mitch  Nabors,  Network  Administrator  at  Quality  Built.  “This  places  an 
enormous  burden  on  IT.” 

All  Quality  Built  employees  require  fast  and  reliable  access  to 
core  applications  that  enable  the  sharing  of  business  information. 
This  includes  NAS  file  servers,  Microsoft  Exchange  email,  a 
corporate  intranet,  and  several  SQL  databases.  This  information 
is  protected  using  real-time  replication  to  a  disaster  recovery 
location  in  Denver. 

The  Strategy 

With  a  rapidly  growing  customer  base,  Quality  Built  assessed  their  ris¬ 
ing  IT  costs  and  determined  that  the  best  way  to  improve  information 
delivery  and  to  guarantee  proper  data  backup  is  to  centralize  all  appli¬ 
cation  servers  within  their  main  data  center  in  San  Diego. 

“It  was  cost  prohibitive  to  duplicate  servers  and  storage  in  branch 
locations,”  said  Nabors. 

Server  distribution  would  require  additional  hardware  and  software 
expenditures,  and  add  server  support  costs.  In  addition,  it  would 
require  Quality  Built  to  upgrade  existing  operating  systems,  add 
clustering  capabilities  across  their  databases,  build  out  new  server 
room  facilities,  and  implement  a  new  Storage  Area  Network  (SAN). 
Quality  Built  would  also  have  to  add  senior  IT  personnel  to  support 
this  initiative. 

Added  Nabors,  “when  everything  was  factored  in,  we  estimated  that 
centralizing  all  application  servers  would  save  us  close  to  $360,000 
per  regional  office.” 


CHALLENGE 

The  Challenges 

Server  centralization  did  not  come  without  challenges  in  the  Quality 
Built  environment. 

“In  some  instances,  it  would  take  over  30  minutes  to  transfer 
large  files  across  the  WAN,”  explained  Nabors.  “Similarly,  it  would  take 
hours  to  backup  all  corporate  data  to  Denver  across  dual 
bonded  T 1  links." 

In  addition,  Quality  Built  invested  in  Voice  over  IP  (VoIP)  equipment 
to  eliminate  long  distance  charges  between  corporate  locations. 
However,  users  complained  that  VoIP  calls  sounded  “garbled”  and 
“digitized”  across  the  WAN. 

“We  save  close  to  $20,000  per  year  doing  VoIP,” 
said  Nabors.  “But  poor  voice  quality  was  preventing 
end  users  from  appreciating  the  benefits  of  this 
technology." 

Searching  for  a  Solution 

In  April  2005,  Quality  Built  determined  that  an 
acceleration  solution  was  required  to  improve 
application  usability  across  their  WAN.  In  addition,  they  required 
a  solution  that  could  ensure  the  real-time  replication  of  large 
volumes  of  data  without  requiring  significant  investments  in 
WAN  bandwidth. 

The  company  spent  four  months  evaluating  a  wide  range  of  accelera¬ 
tion  products. 

“We  ruled  out  basic  compression  solutions  because  they  did  not 
provide  enough  bang  for  our  buck,"  said  Nabors. 

The  company  also  explored  Wide  Area  File  Services  (WAFS),  but 
it  was  concerned  that  caching  technology  might  result  in  the  delivery  of 
inconsistent  information  across  different  Quality  Built  locations.  Plus, 
WAFS  only  addressed  a  subset  of  Quality  Built’s  total  application 
acceleration  needs. 

“For  us  to  invest  in  a  new  technology,  it  must  improve  the 
performance  of  all  of  our  applications,  including  email,  web, 

SQL  database  transactions  and  the  transfer  of  backup  files.  We 

■  20x  reduction  in  web  traffic 

■  30x  improvement  in  file  transfer 

■  Toll  grade  voice  quality  across  WAN 

■  Saved  nearly  $360,000  per  site  in  hardware,  software, 
facility  and  support  costs 

■  Save  $20,000  per  year  using  VoIP 


cannot  cost-justify  a  separate  solution  for  every  application  in 
our  network,”  added  Nabors. 

Building  a  Solid  Foundation 

Ultimately,  Quality  Built  selected  Silver  Peak’s  NX-3500  appliances. 

Silver  Peak  appliances  leverage  data  reduction  to  eliminate 
the  transfer  of  duplicate  information  across  the  Quality  Built 
Wide  Area  Network.  The  Silver  Peak  solution  uses  a  technique 
called  “Network  Memory”™  to  remember  every  byte  of  information 
that  traverses  the  WAN  between  Quality  Built  offices.  Network 
Memory  recognizes  duplicate  patterns  in  real-time 
and  sends  references  across  the  WAN  that  enable  the  information 
to  be  delivered  locally  by  remote  Silver  Peak  appliances.  This 
reduces  WAN  traffic  by  over  99%  and  improves  perceived 
application  response  time. 

“We  saw  a  20x  reduction  in  web  traffic,”  professed 
Nabors.  “In  addition,  30  minute  file  transfer  times 
were  reduced  to  less  than  1  minute." 

Silver  Peak  also  provides  Quality  of  Service 
(QoS)  features  that  can  be  used  to  prioritize 
time-sensitive  voice  traffic.  This  helped  Quality 
Built  eliminate  virtually  all  distortion  on  VoIP  calls 
across  their  WAN. 

Hardware-based  encryption  of  local  data 
stores  enabled  Quality  Built  to  confidently  replace  servers  with 
new  acceleration  appliances. 

“The  last  thing  we  wanted  to  do  was  to  improve  application  perfor¬ 
mance  at  the  expense  of  data  security,"  added  Nabors. 

Quality  Built  decided  to  deploy  Silver  Peak  NX  appliances  in  all 
locations.  The  security,  compliance,  cost  and  management  savings 
that  Quality  Built  achieved  by  centralizing  file,  email,  VoIP,  web,  and 
SQL  applications  more  than  justified  the  expenditure  in  network 
acceleration  appliances.  In  addition,  Silver  Peak  enabled  Quality 
Built  to  maximize  the  company’s  investment  in  strategic  applica¬ 
tions,  such  as  VoIP. 

“Our  WAN  can  now  handle  any  application  that  we  throw  at  it,”  said 
Nabors.  “To  a  company  that  is  in  the  business  of  managing  risk,  that 
type  of  assurance  goes  a  long  way.” 


FOR  MORE  DETAILS 

For  more  information  on  Quality  Built’s 
case  study,  including  a  detailed  three- 
year  cost  savings  analysis,  visit: 
www.silver-peak.  com/quality _b  uilt 
Call:  888-598-7325  (toll  free) 

or+1  650-331-3581  (international)  Silver  Peak 


IFi  CHALLENGES 


Poor  web,  e-mail,  and  file 
performance  across  WAN 

Stringent  data  replication 
needs  between  locations 

Noticeable  issues  with 
VoIP  quality  across  WAN 
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NET  INSIDER 

Scott  Bradner 


It’s  not  a  new  complaint  to  say 
the  patent  system  is  a  mess.  Far 
too  many  patents  containing  far 
too  little  innovation  have  been 
issued  and  then  asserted  against 
companies  actually  trying  to 
make  a  buck. 

One  of  the  most  powerful 
blunt  instruments  in  the  arsenal 
of  patent  attorneys  has  been 
their  almost  automatic  ability  to 
get  a  court  injunction  to  shut 
down  a  company’s  selling  a 
product  or  service  found  to 
infringe  on  a  patent  —  even  if 
the  patent  in  question  covers  a 


Patents: 

very  small  part  of  that  product 
or  service.  The  threat  of  such  a 
shutdown  has  been  a  powerful 
biasing  factor  in  negotiations 
over  licensing  fees  —  talk  to 
BlackBerry  maker  Research  In 
Motion  (RIM). The  U.S.  Supreme 
Court,  however,  has  just  remade 
the  legal  landscape  by  ruling  in 
a  case  involving  eBay  that  there 
should  be  nothing  automatic 
about  such  injunctions. 

For  years  it’s  been  clear  to  every¬ 
one  —  other  than  a  few  patent 
attorneys  working  for  patent  hold¬ 
ers,  and  the  judges  in  one  patent 
court  —  that  the  near-automatic 
injunction  did  not  make  much 
sense  in  today’s  world.These  rules 
have  raised  prices  and  affected 
the  deployment  of  new  technol¬ 
ogy  throughout  the  hi-tech  arena. 
The  patent  court  in  question,  the 
U.S.  Court  of  Appeals  for  the 


Don't  just 

Federal  Circuit,  somehow  came 
to  the  conclusion  that  patent 
cases  were  special,  thus  injunc¬ 
tions  did  not  have  to  follow  the 
normal  legal  principles  of  equity 
but  should  be  granted,  except  in 
“exceptional  circumstances.” 

The  Supreme  Court  just  tossed 
out  that  reasoning  in  a  unani¬ 
mous  decision  (see  www.nwdoc 
finder.com/3542)  in  favor  of  eBay 
From  now  on  the  traditional  prin¬ 
ciples  of  equity  —  which  are 
applied  in  all  other  cases  where 
an  injunction  is  sought  —  will 
have  to  be  followed.  Injunctions 
can  be  issued  if  a  plaintiff  can 
show  “that  it  has  suffered  an 
irreparable  injury;  that  remedies 
available  at  law,  such  as  monetary 
damages,  are  inadequate  to  com¬ 
pensate  for  that  injury;  that,  con¬ 
sidering  the  balance  of  hardships 
between  the  plaintiff  and  defen- 


say  'no1 

dant,  a  remedy  in  equity  is  war¬ 
ranted;  and  that  the  public  inter¬ 
est  would  not  be  disserved  by  a 
permanent  injunction.” 

Following  these  rules  does  not 
mean  there  will  not  be  any  more 
injunctions.  It’s  quite  hard,  how¬ 
ever,  to  see  a  future  case  where 
RIM  is  threatened  with  shutdown 
by  a  patent  holder  that  is  just  after 
a  licensing  fee.  Four  justices,  in  a 
consenting  opinion,  pointed  out 
the  threat  of  injunction  “can  be 
employed  as  a  bargaining  tool  to 
charge  exorbitant  fees  to  compa¬ 
nies  that  seek  to  buy  licenses  to 
practice  the  patent”  and  that 
when  “the  patented  invention  is 
but  a  small  component  of  the 
product  the  companies  seek  to 
produce,  and  the  threat  of  an 
injunction  is  employed  simply  for 
undue  leverage  in  negotiations, 
legal  damages  may  well  be  suffi¬ 


cient  to  compensate  for  the 
infringement  and  an  injunction 
may  not  serve  the  public  interest.” 

There  are  many  patents  that  are 
for  actual  innovations,  where  it  is 
very  reasonable  for  the  inventor 
or  inventors  to  profit  from  the 
work  and  insight  put  in.  With  this 
decision  the  Supreme  Court  has 
reestablished  a  fair  playing  field 
where  such  rewards  can  be  dis¬ 
cussed.  Better,  less  expensive  and 
timelier  technology  will  be  the 
main  result. 

Disclaimer:  1  expect  some  but 
not  all  of  Harvard’s  legal  progeny 
will  be  happy  with  this  decision. 
But  I  did  not  ask,  so  this  column 
reflects  my  own  joy. 

Bradner  is  a  consultant  with 
Harvard  University’s  University 
Information  Systems.  He  can  be 
reached  at  sob@sobco.com. 


Oracle  takes  aim  at  SAP  customers  with  R/3  apps 


BY  CHINA  MARTENS,  IDG  NEWS  SERVICE 

Oracle  plans  to  offer  support  and  mainte¬ 
nance  for  rival  SAP’s  R/3  applications,  the 
software  giant  said  last  week. 

Business  applications  vendors  are  trying 
to  lure  away  each  other’s  customers  by 
offering  inexpensive  deals  on  support  to 
users  of  older  software  versions.  Given  the 
complexity  of  business  application  soft¬ 
ware,  users  tend  to  move  slowly  from  one 
release  to  the  next,  with  the  upgrade  cycle 
as  long  as  five  years. 

With  its  partner  Systime  Computers, 
Oracle  is  extending  its  support  program  to 
partners  that  support  SAP’s  R/3  software. 
SAP  is  moving  its  customers  away  from 


BY  JOHN  FONTANA 

IBM/Lotus  plans  to  add  to  its  forthcom¬ 
ing  Notes  client  three  desktop  applica¬ 
tions  that  natively  support  the  Open- 
Document  Format. 

Hannover,  the  first  public  beta  of  Notes, 
scheduled  to  ship  this  fall,  will  include  a 
text  editor,  a  spreadsheet  editor  and  a  pre¬ 
sentation  graphics  editor  that  support  the 
XML-based  ODF  standard,  which  was 
recently  approved  by  the  International 
Organization  for  Standardization  (ISO). 

The  Notes  tools  can  be  used  to  create, edit 
and  save  documents  using  native  ODFThe 
editors  can  import  and  export  to  supported 
file  formats  used  by  Microsoft  Office  and 
previous  versions  of  OpenOffice. 


R/3  to  the  newer  mySAP  ERP  applica¬ 
tions.  Oracle  says  SAP  may  pull  the  R/3 
support  rug  out  from  under  users  as  soon 
as  the  end  of  next  year. 

SAP  applications  run  on  a  number  of  dif¬ 
ferent  databases,  with  Oracle’s  one  of  the 
most  popular.  Oracle  is  keen  to  encourage 
those  SAP  users,  some  of  whom  also  are 
using  Oracle’s  Fusion  middleware,  to  switch 
to  Oracle  applications,  offering  a  100% 
license  credit  as  a  sweetener. 

Oracle  plans  to  set  up  a  Solution 
Support  Center  for  R/3  support  providers 
to  help  them  run  the  SAP  applications 
on  Oracle  databases.  The  company  says 
the  support  services  Systime  will  offer 


Microsoft  has  rejected  the  ODF  stan¬ 
dard  in  favor  of  developing  its  own 
Open  XML  format,  which  will  be  sup¬ 
ported  in  Office  2007. 

Research  firm  Gartner  says  it  is  unlikely 
the  organization  will  approve  two  stan¬ 
dards  and  warned  of  compatibility  issues. 

“The  migration  will  not  be  inexpensive, 
and  will  involve  compatibility  issues  when 
exchanging  documents  with  Microsoft 
Office  users.  If  you  need  compatibility 
with  Microsoft  Office  formats  or  cannot 
cost-justify  a  migration,  lobby  Microsoft  to 
support  ODF  and  look  for  plug-ins  that 
allow  you  to  open  and  save  ODF  files  from 
within  Microsoft  applications,”  Gartner 
wrote  in  a  research  note  last  week.  ■ 


could  cost  55%  less  than  SAP  charges. 

SAP’s  TomorrowNow  subsidiary  recently 
announced  it  will  start  supporting  Oracle’s 
Siebel  products  at  half  the  cost  of  what  cus¬ 
tomers  are  paying  Oracle.  TomorrowNow 
already  offers  third-party  support  for  older 
versions  of  the  PeopleSoft  and  J.D.  Edwards 
applications  Oracle  has  acquired. 

A  new  breed  of  third-party-support  com¬ 
panies  has  grown  up  over  the  last  few  years. 


BMC 

continued  from  page  25 

reside  in  many  sources  throughout  the 
enterprise,  with  a  centralized  source  having 
knowledge  of  where  that  data  is. 

BMC  competes  with  HP  IBM  (with  its 
Collation  acquisition), and  Symantec  (with 
its  Relicore  acquisition). 

“If  you  want  to  automate  the  distribu¬ 
tion  of  IT  resources  on  demand,  you 
need  tools  that  can  tell  you  what  you 
have  and  what  it’s  talking  to  at  this 
moment,”  says  Jasmine  Noel,  a  principal 
analyst  with  Ptak,  Noel  &  Associates. 
“Going  forward,  management  vendors 
cannot  survive  without  application- 
dependency  mapping  and  configura¬ 
tion-management  technologies.” 

BMC’s  tight  integration  with  the  tenets 
of  1T1L  and  its  incorporation  of  business 
processes  in  the  IT  service-management 
chain  make  it  possible  for  BMC’s  Atrium 
and  Remedy  software  suite  to  relate 
technology  components  more  quickly 
to  the  business  applications  they  sup¬ 


It  includes  TomorrowNow,  which  SAP  pur¬ 
chased  last  year,  and  such  independent 
players  as  Rimini  Street  and  netCustomer. 

Consulting  company  Systime  is  part  of 
Indian  systems  integrator  CMS 
Computers;  it  supports  a  wide  variety  of 
software,  including  ERP  and  business 
intelligence  applications.  The  company’s 
particular  emphasis  is  supporting  J.D. 
Edwards  software.  ■ 


port  —  such  as  CRM,  ERP  or  supply- 
chain  management  tools,  says  Steve 
Moore,  technology  leader  at  Mary  Kay 
Cosmetics  in  Dallas. 

For  example,  a  CRM  system  could  be 
defined  as  an  IT  service  comprising  an 
application, a  server,  the  Internet, a  router, 
a  back-end  database,  the  network  and 
users.  Atrium  CMDB  would  establish  a 
model  of  this  service,  which  network 
managers  could  use  to  troubleshoot 
problems.  According  to  BMC,  applica¬ 
tions  in  its  Remedy  software  suite  would 
automatically  detect  and  resolve  issues 
along  that  service  chain. 

“We  look  to  the  CMDB  from  an  asset  per¬ 
spective,  and  it  becomes  more  powerful 
for  us  to  register  services  with  it,”  Moore 
says.  “With  technology  people,  we  can 
show  them,  here  is  our  order-entry  service 
and  this  is  our  tax  application,  and  it  has 
more  meaning  associated  with  it  outside 
of  just  the  IT  world.” 

Atrium  CMDB  2.0  starts  with  Service  Desk 
at  an  initial  entry  price  of  roughly  $30,000 
before  user  licenses.  ■ 


Lotus  adds  ODF  support  to  Notes 
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Customers  and  employees  can  find  the  right  person 
i  each  branch  quickly  and  simply — and  adding  new 
users  and  locations  takes  less  than  a  minute.  We  Jj} 
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ust  opened  a  new  branch  a  few  months  after  the 


system  was  installed — and  adding  that  branch 
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SPECIAL  FOCUS 


ADVANCED  APPLICATIONS 


AJAX  offers  corporate  challenges,  chances 


Hype  vs.  reality 

It's  true  that  companies  can  create  responsive  Web  applications  using  the 
Web-scripting  components  known  collectively  as  Asynchronous  JavaScript+ 
XML  (AJAX).  But  not  everything  that's  said  about  AJAX-style  development 
is  true. 


Myth 

Reality 

AJAX  is  new. 

The  technologies  that  make  up  AJAX  —  including  JavaScript,  Dynamic  HTML  and 
XML  —  have  been  around  for  some  time.  Consultant  Jesse  James  Garrett  coined 
the  term  AJAX  in  early  2005  to  describe  an  approach  to  user  interface  design  using 
these  elements. 

It’s  easy. 

Just  because  the  tools  and  standards  are  familiar  doesn't  mean  the  technology  is 
easy  to  get  right.  Crafting  a  smooth,  secure  and  efficient  AJAX  application  requires 
a  skilled  programmer  with  an  understanding  of  network  and  server-side  technologies. 

AJAX  is  for 
business-to- 
consumer  sites. 

Google's  initiatives  spawned  much  of  today's  AJAX  buzzfest,  but  the  design  approach 
is  an  equally  good  fit  for  portals,  intranets  and  B2B  Web  sites  if  properly  executed. 

It’s  good  for 
your  network. 

In  theory,  AJAX  technologies  reduce  the  number  of  network  round  trips  required  to 
grab  Web  content  for  users.  But  in  reality,  a  poorly  designed  AJAX  application  could 
multiply  the  number  of  open  network  connections  and  inundate  servers  with  content 
requests. 

BY  ANN  BEDNARZ 

he  popularity  of  such  applications 
as  Google  Maps  and  Flickr  has  Web 
developers  flocking  to  the  tech¬ 
nologies  that  make  these  rich,  inter¬ 
active  programs  work.  But  industry  watch¬ 
ers  caution  the  Web-scripting  components 
known  collectively  as  asynchronous  Java¬ 
Script  +  XML  (AJAX)  can  be  more  com¬ 
plex  —  and  less  network  friendly  —  than 
they  might  first  appear. 

AJAX  refers  to  a  set  of  technologies  that 
include  JavaScript,  XML,  Dynamic  HTML 
and  asynchronous  XML/HTTP  calls.  Jesse 
James  Garrett  of  Adaptive  Path,  a  consult¬ 
ing  firm,  coined  the  term  AJAX  in  a 
February  2005  essay  to  describe  the  assort¬ 
ment  of  browser-native  tools  and  tech¬ 
nologies  that  make  such  applications  as 
Google  Maps  and  Google  Suggest  as  slick 
and  responsive  as  they  are. 

Google  Maps  sends  an  XML  datastream  to 
the  browser  to  let  users  pan  around  the 
globe  and  zoom  in  on  maps  and  satellite 
images  with  an  ease  that  is  expected  of  a 
desktop  application,  not  a  Web  application 
that  has  to  continually  fetch  content  from  a 
remote  server.  Google’s  Suggest  application 
uses  JavaScript  to  offer  search  suggestions 
and  quantify  search  result  sets  as  a  user 
begins  to  type  a  query  in  the  search  box. 

Google  wasn’t  the  first  to  exploit  these 
technologies,  but  the  company  did  so  in  a 
massive  scale  and  in  a  very  public  way. 
Amazon’s  A9.com  search  engine  also 
makes  use  of  AJAX-style  development,  as 
does  photo-sharing  site  Flickr. 

The  corporate  role 

Increasingly, corporations  are  considering 
the  role  AJAX  technologies  can  play  in 
businesses  that  aren’t  catering  to  millions  of 
consumers.  Industry  experts  say  there’s  a 
place  for  AJAX  in  the  enterprise,  but  IT  staffs 
need  to  evaluate  and  implement  the  tech¬ 
nologies  in  a  prudent  way 

The  first  step  is  assembling  a  cross-func¬ 
tional  team, says  Joe  Skorupa,  research  vice 
president  at  Gartner.  It’s  important  for  com¬ 
panies  to  get  Web  developers  together  with 
IT  staff  who  know  about  security  database 
design,  server  administration,  networks  and 
desktop  administration,  he  says. 

Developers  need  to  design  AJAX  applica¬ 
tions  from  the  start  to  account  for  the  num¬ 
ber  of  TCP  connections  that  could  poten¬ 
tially  be  open  at  any  one  time,  as  well  as  the 
effect  of  continuous  content  refreshes  on 
server  loads.  Adequate  prototyping  and 


testing  are  imperative,  he  says.  “If  you  do 
that,  you  can  come  up  with  some  cool  stuff 
that  will  delight  your  users.” 

AJAX  is  less  about  any  single  technology 
than  it  is  an  approach  to  developing  appli¬ 
cations  that  are  more  responsive  than  typi¬ 
cal  HTML  pages.  One  of  the  most-appealing 
features  is  that  AJAX  applications  don’t  re¬ 
quire  plug-ins  or  other  code  to  be  installed 
on  client  machines. 

Instead  of  using  the  familiar  page-sub- 
mit/page-refresh  model,  AJAX  applications 
keep  content  current  by  refreshing  only  the 
parts  of  the  screen  that  have  changed.  In 
addition,  AJAX  applications  use  the  power 
of  the  user’s  PC  and  Web  browser  to  per¬ 
form  many  of  the  tasks  that  traditionally  are 
done  on  a  server.  For  example,  a  user  can 
sort  data  or  edit  tables  without  sending  or 
receiving  data  from  a  server. 

Companies  are  looking  to  incorporate 
AJAX  technologies  into  new  and  existing 
software  programs. For  instance, a  company 
could  revamp  a  Web  application  by  adding 
real-time  updates  of  such  data  as  account 
balances  or  inventory  levels.  Instead  of  a 
user  having  to  request  this  information,  a 
developer  could  design  the  application  to 
automatically  poll  a  server  for  changes 
every  15  seconds,  or  go  looking  for  an  up¬ 
date  every  time  a  user  moves  a  cursor  over 
the  data  field. 

But  it’s  not  always  easy  to  add  AJAX  ele¬ 


ments  to  an  existing  Web  application.  It 
depends  how  entwined  the  application 
logic  and  presentation  layer  are.  If  they  are 
distinct,  a  developer  may  have  to  modify 
only  a  small  percentage  of  the  application 
code  base. 

“We’ve  seen  instances  where  they  are  sep¬ 
arate  enough  that  it’s  extremely  easy  to  do. 
Even  a  client/server  application  could  have 
been  developed  under  an  n-tier  infrastruc¬ 
ture,”  says  Luis  Derechin,  CEO  and  co¬ 
founder  of  JackBe,  which  makes  AJAX  tool¬ 
kits  and  infrastructure  platforms.  “Other 
times,  it’s  so  embedded  that  it’s  a  mess.” 

Client/server  considerations 

Another  factor  driving  corporate  interest 
in  AJAX  is  the  chance  to  move  client/server 
applications  to  the  Web.  Companies  can 
mimic  the  features  and  look  and  feel  of  a 
client/server  application  while  gaining  the 
management  and  administration  benefits 
of  a  Web  application,  says  Ted  Farrell,  chief 
architect  for  application  development 
tools  at  Oracle. 

“People  have  started  missing  their  old 
desktop  clients,  where  things  really  were  in¬ 
teractive  and  dynamic,”  Farrell  says.  “So 
more  push  has  been  made  to  keep  the  sin¬ 
gle  distribution  model  of  the  Web,  so  com¬ 
panies  don’t  have  to  go  through  the  hassle 
of  distributing  software  to  everyone’s  desk¬ 
top,  but  still  get  the  rich  interaction  associ¬ 


ated  with  a  desktop  client.” 

Another  key  feature  attributed  to  AJAX 
applications  is  their  ability  to  reduce  the 
network  load  compared  with  traditional 
Web  applications. 

In  theory  there  should  be  fewer  round 
trips  to  the  server  and  more  client-side  pro¬ 
cessing  of  the  information  if  programming 
is  done  well,  says  David  Boloker,  CTO  of 
emerging  technologies  at  IBM.  “If  you’re 
sending  down  XML  and  then  the  client 
works  on  the  XML,  as  long  as  you’re  not 
continuously  sending  little  bits  of  XML  up 
and  down,  the  server  is  going  to  have  a  lot 
more  cycles  free,”  he  says. 

Gartner’s  Skorupa  agrees.  “Well-coded, 
well-structured  AJAX  apps  can  improve  re¬ 
sponsiveness,  because  you  can  do  incre¬ 
mental  updates  to  the  screen,  rather  than 
pulling  everything  down,  which  can  reduce 
the  number  of  round  trips,”  he  says. 

However,  some  of  the  things  Web  devel¬ 
opers  are  doing  with  AJAX  to  make  appli¬ 
cations  more  responsive  can  have  a  nega¬ 
tive  effect  on  network  performance, 
Skorupa  says.  For  example,  if  there  are  10 
embedded  links  on  a  particular  screen, 
developers  use  AJAX  technologies  to  open 
all  10  links  and  download  the  information 
even  before  a  user  requests  it.  “Just  in  case 
you  might  want  it,  it  will  be  there,”  he  says. 
“That  could  put  a  whole  bunch  of  extra 
load  on  the  network.” 

Such  pitfalls  are  dangerous.  People  have  a 
tendency  to  think  AJAX  is  easy  because  it 
encompasses  familiar  technologies.  But 
consider  the  resources  Google  employed 
to  prototype,  test,  tweak  and  deploy  its  AJAX 
applications,  Skorupa  says.  Google  has  the 
means  to  hire  some  of  the  very  best  pro¬ 
grammers  in  the  business,  but  most  enter¬ 
prises  don’t. 

“You’ve  got  to  assume  a  lot  of  enterprise 
code  is  not  going  to  be  that  well  written;  it’s 
going  to  be  added  piecemeal  to  current 
applications,  and  it’s  going  to  be  written  by 
people  who’ve  never  done  it  before  and 
who  don’t  understand  the  programming 
model,”  he  says. 

Right  now,  a  lot  of  companies  are  experi¬ 
menting  with  AJAX  in  small  doses,  which  is 
a  good  way  to  start.  But  until  companies 
think  strategically  about  how  the  proper 
use  of  these  technologies  can  facilitate  a 
clear  business  objective,  they  shouldn’t  ex¬ 
pect  miracles  by  adding  an  AJAX  widget  to 
a  Web  site.“You  can’t  take  an  old  Pinto,  slap 
on  a  new  coat  of  paint  and  expect  it  to  out¬ 
perform  a  Ferrari,”  Derechin  says.B 
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MAXIMUM  SYSTEM  PERFORMANCE 


Getting  To  The  Bottom  Of  Common  Reliability  Problems 


As  an  IT  Professional,  you 
know  the  importance  of 
maintaining  system  per¬ 
formance  and  reliability. 
If  the  desktops  or  servers  crash, 
slow  down  or  freeze,  who  gets 
called?  That’s  right... you  or  your 
IT  staff.  This  “break-fix”  cycle 
leaves  you  little  time  to  be  proac¬ 
tive.  And  yet,  many  of  these 
issues  stem  from  a  single, 
hidden  source. 

Reliability  issues  commonly 
traced  to  disk  fragmentation. 

The  most  common  problems 
caused  by  file  fragmentation  are: 

•  Crashes  and  system 
hangs/freezes 


Top  5  reasons  customers  use  Diskeeper 

Performance  and  Reliability 


“Set  it  and  Forget  It”  operation 


Much  superior  to  built-in  defragmenter 


Longer  server  life  with  less  maintenance 


Fast  back-ups  and  antivirus  and/or  spyware  scans 


From  Diskeeper  Customer  Survey  -  Read  the  full  survey  at: 
www.diskeeper.com/survey 


•  Slow  boot  times  and  boot 
failures 

•  Slow  back  up  times  and 
aborted  backup 

•  File  corruption  and  data  loss 

•  Errors  in  programs 

•  RAM  use  and  cache  issues 

•  Hard  drive  failures 

Having  files  stored  contigu¬ 
ously  on  the  hard  drive  is  a  key 
factor  in  keeping  a  system 
stable  and  performing  at  peak 
efficiency.  The  moment  a  file  is 
broken  into  pieces  and  scat¬ 
tered  across  a  drive,  it  opens  the 
door  to  a  host  of  reliability 
issues.  Even  a  small  amount  of 
fragmentation  in  your  most  used 
files  can  lead  to  crashes,  con¬ 
flicts  and  errors. 

(GET  THE  PROOF  HERE: 
www.  diskeeper.  com/ paper) 


The  weak  link 
in  today’s  computers 

The  disk  drive  is  by  far  the 
slowest  of  the  three  main  com¬ 
ponents  of  your  computer: 
CPU,  memory  and  disk.  The 
fastest  CPU  in  the  world  won't 
improve  your  system's  per¬ 
formance  if  the  drive  is  frag¬ 
mented,  because  data  from  the 
disk  simply  can't  be  accessed 
quick  enough. 

Is  Daily  Defragmentation 
Needed  in  today’s  environment? 

More  than  ever!  Large  disks, 
multimedia  files,  applications, 
operating  systems,  system 
updates,  virus  signatures  -  all 
dramatically  increase  the  rate 
of  fragmentation.  If  fragmenta¬ 
tion  is  not  addressed  daily, 
system  performance  will  suffer. 
Fragmentation  increases  the  time 


to  access  files  for  all  common 
system  activities  such  as 
opening  and  closing  Word  docu¬ 
ments,  searching  for  emails, 
opening  web  pages  and  per¬ 
forming  virus  scans.  To  keep  per¬ 
formance  at  peak,  defragmenta¬ 
tion  must  be  done  daily. 


Advanced,  automated 
defragmentation 

Manually  defragmenting  every 
system  every  day  is  simply  not 
possible  in  even  small  networks 
let  alone  enterprise  sites.  IT 
Managers  use  Diskeeper’s  “Set 
It  and  Forget  It”®  operation  for 
automatic  network-wide  defrag¬ 
mentation.  Customers  agree 
Diskeeper  maintains  the  per¬ 
formance  and  reliability  of  their 
desktops  and  servers,  even 
reducing  maintenance  and 
increasing  hardware  life. 

“We  run  [Diskeeper]  on 
our  client  PC’s  as  well  as 
our  servers...  with 
Diskeeper  running  daily, 
we  can  keep  file  perform¬ 
ance  at  peak  efficiency.  ” 

Tom  Hill,  CDR  Global,  Inc. 

Every  system  on  your  network 
needs  Diskeeper,  the  Number 
One  Automatic  Defragmenter™ 
with  over  1 8  million  licenses  sold! 
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Special  Offer 


Try  Diskeeper  10  FREE  for  45  days! 
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Your  global  IP  carrier  should  set  you  free,  not  hold 
you  down.  It  should  be  nimble  and  flexible  enough 
to  deliver  innovative  IP  solutions  and  superior 
support  yet  expansive  enough  to  offer  the  global 
scope  and  scale  your  business  requires.  Enter 
Gtobal  Crossing.  Our  wholly-owned  global  IP 
network  connects  you  virtually  anywhere  instantly. 
It  works  effortlessly  with  your  current  legacy  system 
and  with-; IP  services  yet  to  be  envisioned.  All  with 
the .  security,  support  and  control  you'd  expect 
from  an  industry  leader.  It's  no  wonder  so  many 
FORTUNE  500  cprftpanifes  -depend  on  us.  Learn 
more  at  www.globaltrossing.com 
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EYE  ON  THE  CARRIER 

Johna  Till  Johnson 


This  time  the  carriers  have  really  stepped 
in  it. 

A  few  weeks  ago  1  defended  them 
against  a  suit  by  the  Electronic  Frontier 
Foundation  (EFF),  which  essentially 
charged  AT&T  with  obeying  the 
Communications  Assistance  for  Law 
Enforcement  Act  (CALEA). 

The  EFF  suit  is  silly.  Carriers  are  required 


Skype  chief 
promises  more 
for  business 
customers 

BY  NANCY  GOHRING,  IDG  NEWS  SERVICE 

Skype  plans  to  offer  new  features  for  busi¬ 
nesses,  but  it  won’t  develop  a  VoIP  product 
specifically  for  the  workplace,  CEO  Niklas 
Zennstrom  said  last  week  at  the  VON 
Europe  conference  in  Stockholm. 

Skype  already  has  some  capabilities 
geared  toward  business  users,  such  as  a 
feature  that  lets  multiple  users  share  an 
account  to  pay  for  services.  Some  of 
Skype’s  partnerships,  with  companies 
such  as  headset  maker  Plantronics,  are 
also  geared  toward  business  users, 
Zennstrom  said. 

“We  will  continue  to  bring  out  features 
useful  to  business  users.  What  we’ve  not 
done  is  an  enterprisewide  solution,  and 
that’s  not  our  intention,”  he  said. 

About  30%  of  Skype’s  customers  use  the 
service  for  business,  he  said. 

Questions  about  security  have  led  some 
businesses  to  ban  Skype,  and  some  ven¬ 
dors  offer  applications  to  block  it.  The 
company  is  trying  to  more  clearly  com¬ 
municate  its  security  measures,  Zenn¬ 
strom  said. 

Some  companies  ban  Skype  because 
they  don’t  understand  that  calls  are 
encrypted  and  quite  secure,  according  to 
Zennstrom.  Oxford  University  in  England 
banned  it,  but  when  Skype  contacted  the 
university  and  explained  how  the  security 
behind  it  works,  Oxford  lifted  the  ban  B 


NSA-linked  carriers  face  tough  issues 


to  obey  the  law,  which  mandates  the  instal¬ 
lation  of  equipment  that  monitors  traffic 
patterns  in  the  network.  Former  AT&T  tech¬ 
nician  and  so-called  whistle-blower  Mark 
Klein,  in  his  statement  to  the  EFF  accused 
AT&T  of  installing  in  one  of  its  Internet 
data  centers  a  Narus  STA  6400,  which  is  a 
semantic  traffic  analyzer. 

Klein  evidently  finds  this  action  ques¬ 
tionable.!  don’t.  If  you  check  out  the  Narus 
Web  site,  the  device  is  specifically 
designed  to  enable  CALEA  compliance. 

As  I  said  in  previous  columns, complying 
with  CALEA  may  be  bad  for  network  secu¬ 
rity,  but  it  is  the  law. 

So  does  this  mean  I  find  AT&T,  Verizon 
and  BellSouth  in  the  clear  if,  as  has  been 
reported  recently  (though  denied  by  all 
three),  they’ve  provided  the  National 
Security  Agency  (NSA)  with  call-record- 
detail  databases? 

Absolutely  not.The  two  cases  are  entirely 
separate,  and  the  distinction  is  important. 

According  to  stories  in  USA  Today  and 
elsewhere,  the  carriers  have  made  avail¬ 
able  to  the  NSA  internal  databases  that 


contain  calling  records  for  hundreds  of 
millions  of  people.  That’s  not  the  same 
thing  as  installing  a  Narus  box  in  the  net¬ 
work  —  not  even  close. 

The  internal  databases  the  carriers  have 
purportedly  handed  over  are  homegrown 
software  applications  that  contain  inter¬ 
nal  customer  information  regarding 
phone  calls  made  on  the  legacy  (TDM) 
network,  and  are  used  by  the  carriers  for 
internal  customer  management.  They 
were  never  required  (or  intended)  for  use 
as  part  of  CALEA. 

Is  handing  over  these  databases  legal? 
Probably  not. 

I’m  not  a  legal  expert,  but  according  to 
the  folks  who  are,  turning  over  the  call- 
detail  records  without  a  warrant  is  possi¬ 
bly  in  violation  of  the  Communications 
Act  of  1934,  which  prohibits  publishing 
information  regarding  their  customers’ 
calling  habits.  (An  interesting  —  and 
salient  —  legal  question  is  whether  pro¬ 
viding  such  information  to  the  govern¬ 
ment  equates  to  publishing  it.) 

And  it’s  almost  certainly  in  violation  of 


the  1986  Stored  Communications  Act, 
which  specifically  and  clearly  forbids 
phone  companies  from  turning  over 
records  to  any  government  entity  without 
a  warrant  or  court  order  —  exactly  what 
the  carriers  are  alleged  to  have  done. 

Two  lawyers  have  already  filed  a  federal 
lawsuit  in  Manhattan  against  the  three  car¬ 
riers  seeking  $1,000  per  incident  in  dam¬ 
ages,  making  the  total  liability  against  the 
carriers  on  the  order  of  $200  billion. 

Is  the  NSAs  warrantless  wiretapping,  as 
alleged  by  the  government,  necessary  in 
the  fight  against  terrorism?  I’ve  no  idea, but 
consider  this:  On  Sept.  10,  2001,  the  NSA 
had  in  its  possession  an  A1  Qaeda  mes¬ 
sage  that  read  “Tomorrow  is  zero  hour”  — 
but  failed  to  translate  it  until  Sept.  12. 

Forget  the  databases,  somebody  treat 
these  NSA  guys  to  a  few  lessons  in  basic 
Arabic.  We’d  all  be  a  lot  safer. 

Johnson  is  president  and  senior  founding 
partner  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Qwest  to  expand  reach  with  OnFiber 

OnFiber  at  a  glance 

Business:  Optical  Ethernet  services  for  businesses  and  government  in  23  metropolitan  markets. 

Headquarters:  Austin,  Texas 
2006  revenue:  About  S60  million;  company  is  privately  held. 

Management:  Danny  Bottoms,  president  and  CEO;  Michael  Guess,  COO;  James  Tipton,  senior  vice 
president  and  CEO. 

Investors:  Bear  Stearns  Merchant  Banking;  Bechtel  Enterprises;  Kleiner  Perkins  Caulfield  &  Byers; 
TeleSoft  Partners. 


BY  JIM  DUFFY 

Qwest  last  week  said  it  will  acquire  pri¬ 
vately  held  OnFiber  Communications,  a 
provider  of  managed  metropolitan  Ether¬ 
net  and  wide-area  network  services,  for 
$107  million. 

OnFiber  specializes  in  high-bandwidth 
fiber  services  serving  primarily  large  busi¬ 
nesses  and  government  institutions.  The 
company  operates  an  optical  network  in  23 
metropolitan  areas,  offering  access  and 
transport  services,  including  Ethernet, 
SONET  and  wavelength. 

Qwest  said  OnFiber  will  increase  its  out- 
of-region  coverage  and  reduce  its  third- 
party  access  costs.  Qwest  currently  provides 
similar  optical  services  to  metropolitan 
areas  within  its  14-state  operating  region 
and  claims  that  its  nationwide  MPLS  back¬ 
bone  carries  nearly  4  billion  VoIP  minutes 
per  month. 

“We  expect  the  Ethernet  market  will  grow 
upwards  of  50%  annually;  Ethernet  has 
been  a  high-growth  product  for  us  in¬ 
region,  and  this  increases  our  participation 
nationally?’  said  Tom  Richards,  executive 


vice  president  of  Qwest’s  business  markets 
group,  in  a  statement.  “For  Qwest,  this 
expands  our  penetration  in  key  markets 
throughout  the  country  while  reducing  last- 
mile  costs.” 

Qwest  said  it  would  look  to  make  small, 
targeted  acquisitions  to  build  up  its  busi¬ 
ness  service  portfolio  since  failing  to 
acquire  MCI  in  a  bidding  war  with  Verizon 
last  year. 

“This  is  a  relatively  small  but  nonetheless 
important  announcement  for  Qwest  as  it 
enables  them  to  expand  their  offerings 
nationwide,”  says  telecom  analyst  Jeff 


Kagan.  “When  Qwest  tried  to  acquire  MCI 
last  year  we  knew  other  deals  were  going  to 
be  coming.” 

OnFiber  expects  to  post  revenue  of  nearly 
$60  million  in  2006,  representing  year-over¬ 
year  growth  of  more  than  20%.The  compa¬ 
ny’s  average  monthly  customer  revenue 
was  more  than  $17,000  last  year,  which  was 
among  the  highest  of  competitive  telecom 
providers,  according  to  Qwest. 

Qwest  has  the  option  up  until  closing  to 
substitute  up  to  $35  million  of  Qwest  shares 
for  cash.  The  transaction  is  expected  to 
close  in  the  third  quarter.  B 
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TECHHOU1CY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Synchronous  mesh  offers  scalability 


H6W II  WO  Synchronous  mesh  networking 

The  rapid  synchronization  of  concurrent  traffic  flows  through  a  mesh  topology 
uses  spatial  reuse  to  deliver  deterministic  QoS  from  source  to  destination. 


Q  During  Time  Slot  1,  Node  A  aligns  its  antenna  to  transmit  to  Node  B  as  other  nodes  in  the  mesh 
are  also  communicating. 

Q  During  Time  Slot  2,  Nodes  A  and  B  simultaneously  realign  their  antennas  to  continue  forwarding 
traffic  through  the  mesh.  For  example,  the  packets  Node  B  received  in  Time  Slot  1  are  transmitted 
to  Node  C. 

□  This  particular  flow  of  packets  is  delivered  during  Time  Slot  3  to  its  destination,  Node  D. 


BY  BRIAN  JENKINS 

Wireless  mesh  networks  have  become 
increasingly  popular  based  on  their 
many  advantages,  but  the  topology  can 
have  an  Achilles’  heel  that  is  becoming 
painfully  apparent:  The  network  may  fail 
to  scale  as  promised. 

The  underlying  problem  is  the  mesh  net¬ 
works  asynchronous  media  access  con¬ 
trol  (MAC)  protocol,  which  is  unable  to 
handle  the  contention  in  larger  networks. 
The  mesh  network  eventually  breaks 
down  in  a  mess  of  self-interference  and 
collisions  that  degrade  throughput  and 
undermine  scalability. 

A  synchronous  mesh  employs  direc¬ 
tional  antennas  and  the  time  division 
duplex  (TDD)  protocol  to  direct  and 
coordinate  simultaneous  transmissions 
throughout  the  wireless  mesh  topology. 
By  maximizing  spatial  and  spectral  reuse, 
the  synchronous  mesh  is  able  to  deliver 
substantially  greater  scalability 

The  first  requirement  of  the  synchronous 
mesh  involves  using  directional  antennas 
instead  of  omnidirectional.  Directional 
antennas  dynamically  create  dedicated 
point-to-point  connections  among  mesh 
nodes,  which  reduces  internode  interfer¬ 
ence  and  collisions.This  directional  wire-in- 
the-sky  forms  the  foundation  for  a  scalable 


Got  great  ideas? 


■  Network  World  is  looking  for  great  ideas 
for  future  Tech  Updates.  If  you've  got  one, 
and  want  to  contribute  it  to  a  future  issue, 
contact  Senior  Managing  Editor,  Features  Amy 

Schurr  (aschurr@nww.com). 


mesh  network.The  higher  power  levels  per¬ 
missible  with  switched  point-to-point  links 
also  afford  other  advantages,  including 
higher  modulation  rates  and  a  longer  range 
between  nodes. 

The  second  requirement  for  building  a 
scalable  wireless  mesh  network  involves 
synchronizing  all  transmissions  across 
numerous  directional  point-to-point  links. 
This  requires  a  common  timing  source, 
such  as  the  one  provided  by  GPS  satellites. 
A  common  clock  allows  the  synchronous 
TDD  MAC  protocol  to  coordinate  precisely 
directional  transmit/receive  processes 
throughout  the  mesh  topology.  Trans¬ 
missions  occurring  simultaneously  in  dif¬ 
ferent  portions  of  the  mesh  network  result 
in  maximum  spatial  and  spectral  reuse. 

With  wireless,  the  only  way  to  overcome 
the  scalability  limitations  of  carrier-sense 
multiple  access-based  Wi-Fi  mesh  net¬ 
works  is  to  employ  dynamic,  directional 
point-to-point  links  with  all  traffic  flows 
synchronized  and  coordinated. 

It  is  important  to  note  that  meshwide 
transmission  coordination  also  makes  the 
synchronous  mesh  deterministic;  the 
throughput,  latency  and  jitter  become  pre¬ 
dictable,  because  the  traffic  flow  is  no 
longer  subject  to  variable  conditions  that 
cause  congestion  and  collisions.  Deter¬ 
ministic  QoS  is  essential  in  converged  net¬ 
works  that  must  support  real-time  voice 
and  video  communications. 

Like  previous  generations  of  mesh  net¬ 
works,  synchronous  mesh  supports  auto¬ 
matic  node  discovery  for  rapid  deployment 
and  self-healing  failover  for  dependable 
operation.  Other  previously  used  capabili¬ 
ties  also  can  be  implemented  in  a  synchro¬ 
nized  mesh  without  restrictions,  such  as 


dynamic  link  optimization,  customizable 
traffic  shaping  and  prioritization  and  end- 
to-end  dynamic  routing. 

When  implemented  together,  the  direc¬ 
tional  antennas  and  synchronous  TDD 
MAC  create  a  deterministic  mesh  network 
that  breaks  through  the  performance  and 
scalability  barriers  encountered  in  previ¬ 
ous  generations  of  wireless  mesh  solutions. 


Further,  a  growing  number  of  industry 
analysts  say  a  scalable,  high-performance 
mesh  topology  can  be  created  only  with 
the  spatial  and  spectral  reuse  afforded  by 
these  twin  capabilities. 

Jenkins  is  vice  president  of  product  man¬ 
agement  for  SkyPilot  Networks.  He  can  be 
reached  at  bjenkins@skypilot.com. 


Ask  Dr.  Internet  By  Steve  Blass 


Is  there  an  inexpensive  video-conversion  pro¬ 
gram  that  can  do  batch  conversions  of  files 
from  one  format  to  another?  I  would  like  one 
that  works  on  Windows  as  well  as  on  Mac  OS  X. 

Check  out  MPEG  StreamClip  (www.squared5.com),  a 
free  program  available  for  Windows  XP  and  Mac  OS  X. 
The  software  can  be  used  as  a  video  player  for  most 
video  formats  and  will  convert  between  any  of  the  for¬ 


mats  it  supports.  The  included  documentation  and  help 
system  also  are  unusually  complete  for  a  free  soft¬ 
ware  package.  One  of  its  most  impressive  features  is 
batch  mode  processing.  You  can  convert  entire  collec¬ 
tions  of  files  in  one  go.  Unfortunately,  the  batch  con¬ 
version  option  is  available  only  in  the  Mac  version. 
MPEG  StreamClip  is  great  for  converting  legacy  video 
files  to  the  QuickTime  format  for  streaming.  The  soft¬ 
ware  also  provides  several  tools  for  editing  video  clips. 


Cutting  and  pasting  short  clips  is  as  easy  as  marking 
the  begin  and  end  points,  and  choosing  Export  from 
the  menu.  Pulling  out  single  frames  for  use  as  JPEG 
still  images  is  done  the  same  way.  You  can  also 
rearrange  clips  by  marking  the  timeline  and  moving 
pieces  around  by  dragging  the  mouse. 

Blass,  a  network  architect  at  Change@Work,  can  be 
reached  at  dr.internet@changeatwork.com. 
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Taking  computers  under  water 


We  started  scuba  diving  and  got 
certified  about  16  years  ago,  and 
then  for  various  reasons  we  stopped. 
Over  the  years  we  talked  about  start¬ 
ing  again,  but  there  was  always  some¬ 
thing  that  was  more  important, so  we 
put  it  off. 

Finally,  about  a  month  ago  while  we 
were  on  holiday,  the  opportunity  to 
go  diving  presented  itself  and,  well, 
we  got  hooked  all  over  again. 

Now  after  a  few  equipment  up¬ 
grades  and  a  few  repairs  we’re  good 
to  go.  But  there’s  one  piece  of  equipment  we  need  that 
wasn’t  around  when  we  got  certified:  a  dive  computer. 

Dive  computers  measure  how  long  you  stay  underwater 
and  how  deep  you  dive.  From  this  data  they  tell  you  how 
fast  you  can  return  to  the  surface  so  you  can  avoid  decom¬ 
pression  sickness  (see  www.nwdocfinder.com/3543),  oth¬ 
erwise  called  the  bends. 

The  bends  are  caused  by  pressure  changes. When  you  are 
scuba  diving,  your  air  supply  delivers  air  at  the  pressure 
required  to  let  you  breathe  comfortably  The  pressure 
increases  the  deeper  you  go,  which  causes  your  body’s  tis¬ 
sues  to  absorb  more  nitrogen.  When  you  ascend,  the  pres¬ 
sure  decreases  so  the  nitrogen  comes  out  of  your  tissues. 
Unless  you  carefully  control  the  rate  at  which  the  nitrogen 
comes  out  of  solution.it  will  form  bubbles  in  your  body 

These  bubbles  can  cause  a  variety  of  symptoms,  ranging 


from  itching  and  rashes  (skin  bends)  and  joint  pain  (the 
bends)  to  sensory  failure  (blindness,  loss  of  tactile  sense), 
paralysis  and  death.  In  short,  you  don’t  want  to  get  your 
ascent  wrong  when  you  dive. 

Traditionally  divers  use  decompression  tables  (www.nw 
docfinder.com/3544)  to  figure  out  how  to  ascend  safely  but 
dive  computers  do  the  same  thing  more  accurately 
The  most  sophisticated  devices  are  integrated  with  your 

Dive  computers  measure  how 
long  you  stay  underwater  and 
how  deep  you  dive. 

air  tank  and  monitor  how  fast  you  are  using  up  air  and  track 
how  much  “bottom  time”you  have  left, given  how  deep  you 
have  gone  and  how  long  it  will  take  to  ascend  safely 
What’s  really  cool  for  us  computer  geeks  is  that  you  can 
download  dive  data  to  your  PC  so  you  can  keep  records. 
Quite  a  few  dive  computers  support  downloading. 

We  initially  looked  at  the  Sherwood  Wisdom  ($780, 
www.nwdocfinder.com/3545),  which  is  considered  a  fine 
dive  computer.  But  it  seems  Sherwood  really  didn’t  put 
much  thought  into  how  downloading  would  be  done  and 
how  the  PC  software  would  look  and  work.The  proprietary 
plug  on  the  USB  data  cable  for  connecting  the  PC  to  the 
Wisdom  device  is  awful  —  flimsy  doesn’t  locate  positively 
and  can  be  inserted  upside  down.  The  software  is  very 
poorly  documented  (even  the  built-in  help  gets  details 


wrong,  is  thin  on  features  and  has  a  very  poor  user  inter¬ 
face.  )  The  software  and  cable  is  outrageously  priced  at  an 
additional  $150. 

We’re  considering  purchasing  a  SuuntoVytex  DS  ($1,300, 
www.nwdocfinder.com/3546),  which  does  everything  the 
Wisdom  does  (although  some  would  argue  its  decompres¬ 
sion  algorithm  is  superior)  and  monitors  tank  pressure 
with  a  wireless  connection. 

Where  Suunto  is  more  advanced  than  Sherwood  by 
orders  of  magnitude  is  its  software.  Dive  Manager  has  a  very 
good,  easy-to-use  user  interface,  and  you  can  download 
(www.nwdocfinder.com/3547)  and  test  the  program 
before  you  buy  (note  that  Sherwood  doesn’t  even  make 
screen  shots  of  its  software  available). 

Like  the  Sherwood  Wisdom,  the  Suunto  Vytec  uses  a  USB 
cable  with  a  proprietary  plug  (priced  at  around  $100), 
although  it  is  a  rather  more  robust  design.  Note  there  also 
are  numerous  sophisticated  hacks  online  for  building  your 
own  interface  for  the  Vytec. 

There’s  some  interesting  technology  in  the  wireless  con¬ 
nection  between  the  dive  computer  and  the  air  tank. 
Because  more  than  one  diver  might  use  the  same  system, 
you  sync  up  the  dive  computer  and  the  sensor  sync  by 
holding  them  close  together  at  power-up  so  they  can  select 
an  unused  channel.  Subsequent  syncs  by  other  units  dis¬ 
cover  the  used  channels  and  select  from  available  ones. 

Do  you  dive  ?  Do  you  use  a  dive  computer?  Decompress  on 
Gibbsblog  or  link  to  gearhead@gibbs.com. 


GEARHEAD 


INSIDE  THE 
NETWORK 
MACHINE 

Mark  Gibbs 


Now  that  Skype  has  announced  free  phone  calls  to  any  mobile 
or  landline  phone  number  in  the  United  States  or  Canada  (U.S.and 
Canadian  customers  only),  its  popularity  is  sure  to  skyrocket.  If  you 
haven’t  tried  Skype,  now  is  the  perfect  time  to  download  the  application,  because 
the  free-call  offer  only  lasts  until  the  end  of  2006.  Here  are  some  Skype-accessible 
cool  tools  to  check  out  as  well: 

The  scoop:  Polycom  Communicator  (C100S),from  Polycom,  about  $130, 
due  in  June. 

What  it  is:  A  speaker  phone  that  lets  you  make  Skype  calls,  the  C100S  is  a  sleek 
black  unit  that  sits  at  a  nice  40-degree  angle  on  any  desktop.The  device  connects  via 
USB  port  to  a  PC  and  includes  volume  control  buttons  and  call-muting.  If  you  want 
to  make  a  private  call, you  can  attach  stereo  headphones. 

Why  it’s  cool:  The  C100S  has  outstanding  speaker  phone 
quality  The  unit  is  small  enough  to  carry  while  you’re  trav¬ 
eling,  giving  you  the  freedom  to  walk  around  a  hotel 
room  while  on  a  call,  for  example.  When  not  being  used 
for  Skype,  the  device  doubles  as  a  speaker  for  listening  to 
music  or  other  PC  audio. 

Grade:  ★★★★■*  (out  of  five) 

The  scoop:  USB  Cordless  Dualphone,  by  RTX  America, 
about  $140. 

What  it  is:  A  cordless  phone  that  lets  you  connect  to  a  PC 
The  RTX  Dualphone  with  Skype  (or  other  softphone  application),  as  well  as  a 

(falls^antTregular^6  regular  phone  line. The  device  looks  and  feels  like  a  regular 
PSTN  calls.  cordless  handset,  and  has  a  range  of  150  feet  indoors  and 


1 ,000  feet  outdoors.  It  uses  Digital  Enhanced  Cordless  Telephone  6.0  technology 
which  operates  in  the  l,920-to-l,930-MHz  band  and  was  recently  approved  for  use  in 
the  United  States  by  the  FCC. 

Why  it’s  cool:  The  Dualphone  is  just  that  —  it’s  one  handset  that  lets  you  make 
calls  from  a  regular  phone  line  or  via  Skype  on  a  PC.  Because  the  device  is  cord¬ 
less,  you  can  walk  away  from  the  PC  or  notebook  when  you’re  on  a  Skype  call.The 
call  quality  was  a  little  lower  than  a  call  made  with  a  wired 
headset,  and  on  a  few  calls  1  received  some  static. 

Grade:  ★★★■< 


The  scoop:  USB  Phone  for  Skype  (U201),  by  Soyo 
Group,  about  $46. 

What  it  is:  This  device  is  a  handset  with  a  cord  that  con¬ 
nects  to  a  USB  port  on  your  computer.  When  used  with 
the  bundled  software,  it  accesses  your  Skype  calling  list 
and  lets  you  talk  through  the  handset  instead  of  a  PC. The 
device  includes  a  blue,  backlit  LCD,  a  built-in  speaker 
phone,  a  2.5mm  stereo  headset  jack  and  mute  button. 

Why  it’s  cool:  Because  it’s  just  a  handset  and  a  USB  cord, 
the  Soyo  unit  is  much  more  portable  than  the  RTX  device.An 
interesting  Skype  Tabs  feature  lets  you  control  the  interface  of 
the  Skype  software  on  a  PC  with  the  handset’s  keypad. 

Some  caveats:  Unlike  the  RTX  handset,  1  couldn’t  make 
SkypeOut  calls  with  the  device;  the  software  kept  telling  me 
the  phone  number  wasn’t  valid  (1  had  to  use  the  Skype  soft¬ 
ware  to  type  “+1”  first).  On  a  Windows  2000  PC,  the  handset 
displayed  garbled  text  when  showing  my  contacts,  but  it 
worked  on  Windows  XP 

Grade:  ★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 


Soyo's  Skype 
phone  is  very 
portable. 


A  Pentair  Company 


I  need  modular  racks  that  I  can  reconfigure  quickly. 

I  need  to  pull  12,000  feet  of  optical  fiber  and  add  700 
rack  units  of  new  hardware — by  Friday. 


I  need  Hoffman. 


Get  datacom  protection  and  storage  built  to  meet  demanding  standards. 

More  technology  professionals  turn  to  Hoffman  for  their  networking  equipment  needs.  Hoffman  offers: 

■  The  broadest  range  of  innovative  racks,  cabinets,  cable  management  solutions  and  network  accessories. 

■  Comprehensive  online  configuration,  planning  tools  and  project  management  support. 

■  The  most  standard  product  modification  options  in  the  industry. 

■  Expert  solutions  in  thermal  management,  EMI/RFI  shielding,  seismic  vibration  and  extreme  environments. 

■  Fast  ordering  and  local  availability. 

Get  everything  you  need — when  you  need  it — from  one  source  you  can  trust.  Hoffman. 


www.ehoffman.com 


Hoffman.  What  your  work  demands. 


02006  Hoffman  Enctosures  Inc. 
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Job  skills 
for  the  new  IT 

A  Society  for  Information  Management  study  examining 
IT  workforce  trends  revealed,  among  other  things,  that 
companies  plan  to  shift  more  jobs  to  outsourcers 
and,  for  in-house  staff,  put  a  higher  priority  on  business 
knowledge. 

IT  workforces,  in  general,  are  relatively  stable,  the  study 
showed.  About  three-quarters  of  the  89  companies  surveyed 
had  10%  or  less  turnover  and  90%-plus  expecting  less  than 
10%  to  retire  by  2008. 

While  the  number  of  full-time  equivalent  (FTE)  IT  jobs  will 
remain  flat  from  2005  to  2008,  the  mix  is  expected  to  change, 
with  in-house  FTEs  declining  by  8%  and  FTEs  provided  by 
third  parties  growing  by  44%. 

As  such,  SIM  wanted  to  find  out  what  skills  were  more  likely 
to  be  kept  in-house  vs.  jobbed  out.“Overall,the  data  paints  a 
picture  of  IT  managers  building  an  organization  of  IT  profes¬ 
sionals  who  know  the  industry  and  business,  and  who  can 
work  well  with  clients  and  colleagues,” SIM  said. 

The  top  skills  critical  to  keep  in-house  in  2005  were:  project 
planning/budgeting/scheduling;  function/process  knowl¬ 
edge;  company  knowledge;  business  process  design/reengi¬ 
neering;  systems  analysis;  industry  knowledge;  project  leader¬ 
ship;  project  risk  management;  systems  design;  and  change 
management. 

Other  than  systems  analysis  and  design,  there  is  a  marked 
absence  of  technology  skills  listed.“Our  analysis  indicates 
that  the  balance  has  shifted  toward  even  greater  importance 
of  business  and  management  skills,”  SIM  said, “especially 
those  related  specifically  to  an  organization,  its  industry  sec¬ 
tor,  and  the  design  of  its  business  and  functional  processes.” 

Asked  to  identify  the  lowest-ranked  skills  critical  to  keep  in- 
house,  participants  identified:  system  testing;  data  warehous¬ 
ing;  knowledge  of  the  Capability  Maturity  Model;  continuity/- 
recovery;  operations;  operating  systems;  voice/data  telecom; 
support/help  desk;  mainframe/legacy;  and  server  hosting. 

The  list  of  skills  that  are  most  often  provided  by  third  par¬ 
ties  today  included  programming, systems  testing,  database 
design/management  and  support/help  desk. 

The  overall  picture  won’t  change  much  by  2008.  Skills 
expected  to  become  automated  or  outsourced  map  closely 
to  skills  currently  ranked  the  lowest  or  already  outsourced. 
And  the  skills  critical  to  keep  in-house  are  expected  to  be 
virtually  the  same  as  today  except  user  relationship  manage¬ 
ment  will  replace  change  management. 

But  SIM  also  identified  three  new  skills  as  emerging  in 
importance:  IT  governance;  managing  third-party  providers; 
and  leading  sourcing  strategy 
That  shouldn’t  come  as  a  surprise  given  the  increased 
reliance  on  outside  help. 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 


No  turning  the  tide 

Regarding  James  Kobielus’  column  “DRM  will  pre¬ 
vail,  like  it  or  not”  (www.nwdocfinder.com/3537): 
DRM  will  proliferate, but  it  will  not  prevail,  for  two  rea¬ 
sons.  First,  any  technology  that  prevents  consumers 
from  freely  and  easily  playing  purchased  content 
when  and  where  they  want  will  be  circumvented. 
Second,  as  more  fundamentally  honest  consumers 
feel  that  the  cost  of  purchased  content  is  grossly 
excessive,  the  technology  will  be  circumvented. Sure, 
the  mass  market  will  be  inconvenienced  for  a  while 
during  the  time  “innovators”  develop  the  black  boxes 
and/or  software  necessary  to  copy  and  transmit  digi¬ 
tal  replicas  of  content  —  but  it  will  happen.  No  mat¬ 
ter  how  hard  media  companies  try  content  will  be 
illegally  copied  until  the  cost  and  value  of  the  pur¬ 
chase  is  less  than  the  expense  and  effort  required  to 
make  illegal  copies.  And  make  no  mistake  —  it’s  ille¬ 
gal.  It’s  not  right.There  is  no  rationalization  that  works. 
But  it  will  happen. 

Even  so,  Microsoft’s  activation  feature  on  Windows 
XP  actually  works.  It’s  invisible.  It  does  not  require 
repeated  or  periodic  updates  that  would  interrupt 
computer  use.  But  software  and  media  content  are 
two  completely  different  animals.  I’m  not  hooking 
up  my  DVD  player  or  my  TV  to  the  Internet  to  get 
authorization  to  watch  content.  Nor  am  I  going  to 
purchase  content  that  will  only  play  on  a  single, 
compatible  device. 

Technology  is  about  driving  excess  cost  out  of  the 
marketplace.  Value  and  convenience  will  win  the 
day.  Content  is  one  of  those  areas  bloated  with 
excess  cost  and  becoming  more  inconvenient  to 
own  and  use  that  is  trying  like  hell  to  resist  the  tide. 
The  Sony  rootkit  fiasco  was  one  pitiful  example.The 
tide  will  win.  It  always  does. 

Gary  Lavery 
Executive  vice  president 


GAF  Seelig 
Woodside,  N.Y 

Location,  location,  location 

Regarding  Scott  Bradner’s  column  “E911  plans  fail  to 
impress”  (www.nwdocfinder.com/3538):  Bradner  hits 
a  couple  of  solid  nails,  yet  misses  the  chance  to  seal 
the  coffin  shut.  He  points  out  that  providing  any  sort 
of  91 1  service  for  wireless  is  difficult  at  best,  but  what 
he  fails  to  slam  home  is  that  as  VoIP  gets  stronger,  it 
will  become  almost  impossible  to  locate  someone 
using  a  VoIP  connection  regardless  of  how  mature 
the  E911  system  is.  If  I  have  an  analog  telephone 
adapter  at  my  house  and  listed  in  the  E91 1  system  as 
being  in  Manassas, Va.,  there  is  nothing  to  say  that  I 
am  calling  from  there.  With  Session  Initiation  Proto¬ 
col  redirection,  or  pick  up  and  carry  I  could  be  call¬ 
ing  from  anywhere  there  is  an  Internet  connection, 
making  tracking  and  locating  911  calls  almost  impos¬ 
sible.  Worse,  those  who  are  not  technologically  savvy 
will  assume  their  911  calls  are  being  routed  to  the 
correct  Public  Safety  Answering  Point  or  91 1  center, 
because  that  is  where  they  are  physically  calling 
from.  It  puts  the  burden  of  public  safety  squarely  on 
the  shoulders  of  the  (unprepared)  public. 

What  is  happening  is  a  breakdown  of  location.This 
is  good.  But  in  the  event  of  an  emergency  locating 
someone  who  is  calling  for  help  is  going  to  get  hard¬ 
er,  regardless  of  what  the  FCC  would  like  the  VoIP 
companies  to  do. 

David  Lane 
Manassas, Va. 

Lane  is  emergency  coordinator/ RACES  officer  for 
Prince  William  County  Amateur  Radio  Emergency 
Service/Radio  Amateur  Civil  Emergency  Service. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 18  Turnpike  Road,  Southborough.  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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Thomas  Nolle 


Managed  services:  Words  to  the  wise 


By  now  you’re  used  to  large  carriers  coming 
at  you  with  a  variety  of  managed  service 
offerings.  That  field  of  options  is  about  to 
get  much  bigger  as  integrators,  value-added 
resellers  and  a  host  of  other  channel  partners 
enter  this  lucrative  area,  typically  aimed  at  small 
and  midsize  business  customers. 

A  managed  service  package  can  be  a  very 
viable  option,  especially  for  companies  that 
don’t  have  a  deep  bench  when  it  comes  to  IT  tal¬ 
ent.  But  there  are  plenty  of  land  mines  to  look 
out  for  as  you  evaluate  the  options  and  make 
your  choices: 

•  Which  services  do  carriers  intend  to  deliver? 

Consider  the  rationality  of  the  services  mix  and 
compare  it  to  your  own  IT  needs  and  internal 
technical  talent.  What’s  missing?  Can  you  plug 
any  gaps  in  an  effective  and  economical  way? 
The  answers  will  vary  based  on  your  vertical 
market  and  particular  circumstances. 

•  What  is  their  track  record  and  plan?  This 
translates  to:  Can  they  do  what  they  say  they  will 
do?  Get  beyond  the  marketing  collateral  here. 
Talk  to  the  technical  people  to  get  your  own 
read  on  their  actual  expertise.  How  much  redun¬ 


dancy  is  built  into  the  system?  How  many  cus¬ 
tomers  do  they  have, and  is  there  sufficient  infra¬ 
structure  to  meet  the  need?  Do  they  have  suffi¬ 
cient  technical  support  resources?  What  about 
customer  references?  If  they  are  new  to  the 
game  and  don’t  have  many,  that’s  not  necessarily 
a  show-stopper,  but ... . 

•  Can  you  get  out  of  the  contract  if  you  need 

to?  This  is  especially  important  if  the  provider  is 

Not  all  offerings  are 
created  equal,  and  it’s  up 
to  the  buyer  to  carefully 
pick  and  choose. 

new  to  managed  services  but  only  minimally 
less  so  if  they’re  veterans  of  it.  An  important  bal¬ 
ance  is  required  here.  On  the  one  hand,  man¬ 
aged  service  providers  need  a  predictable  rev¬ 
enue  stream,  as  well  as  the  ability  to  profit  over 
time  from  the  initial  setup.  But  this  imperative 
can  lead  them  to  lose  sight  of  the  fact  that  the 
customer  essentially  has  its  whole  business  in 


the  palm  of  the  provider’s  hand.  This  should  be 
acknowledged  in  no  uncertain  terms  and  used 
as  a  bargaining  chip  in  negotiation  terms  of  early 
termination. 

•  What  is  the  provider’s  strategy  for  the  adop¬ 
tion  of  new  technology?  With  so  much  happen¬ 
ing  in  technology  these  days,  it’s  important  to 
know  the  provider  will  continue  to  invest  in  its 
own  value.  This  can  be  difficult  to  ascertain, 
because  the  self-serving  answer  is  always  the 
easy  one: Yes,  we  do  intend  to  invest.  One  way  of 
addressing  this  topic  is  to  ask  about  the  related 
technologies  the  provider  considers  to  be  evolv¬ 
ing  fastest  and  in  the  most  important  ways.Then 
judge  their  ability  to  engage  the  issue  from  there. 

Managed  services  can  offer  many  benefits  in 
terms  of  capabilities  and  efficiencies.  But  not  all 
offerings  are  created  equal,  and  it’s  up  to  the 
buyer  to  carefully  pick  and  choose.  And  with  an 
ever-expanding  field  of  options  on  the  horizon, 
those  choices  will  become  far  more  complex. 

Presti  is  research  director  of  IDC's  Network 
Channels  and  Alliances  service.  He  can  be 
reached  at  kpresti@idc.com. 


Market  mass  or  open  standards? 


At  Interop  this  month, we  heard  keynotes  from 
two  network  vendors  who  are  not  only 
archrivals  in  a  business  sense  but  also  in 
their  approach  to  the  market.  Cisco  represents 
market  power, account  control.  Juniper  represents 
open  standards.  Who  will  win, and  will  the  market 
win  with  them? 

According  to  Cisco  CEO  John  Chambers,  the 
network  is  a  repository  for  intelligence,  a  place  to 
which  all  kinds  of  application  features  will 
migrate.  Cisco’s  Service  Oriented  Network  Arch¬ 
itecture  (SONA),  criticized  for  its  seeming  lack  of 
service-oriented  architecture  features  despite  its 
name,  is  emerging  as  a  kind  of  network  feature 
reservoir  where  Cisco  hopes  to  store  traditional 
features,  such  as  virtualization  and  load  balanc¬ 
ing,  and  future  ones,  such  as  collaboration  and 
message  mediation.  Buyers  would  likely  have  to 
adopt  SONA  end  to  end,  meaning  a  SONA  net¬ 
work  is  a  Cisco  network. 

Juniper  CEO  Scott  Kriens  sees  the  enterprise  at 
the  center  of  a  “perfect  storm”  of  pressure,  and  sees 
the  concept  of  open  standards  and  guaranteed 
interoperability  among  vendors  as  the  key  to 
relieving  that  pressure.  Intelligence  should  migrate 
into  any  network  regardless  of  vendor,  and  any 
intelligence  that’s  suitable  from  the  user’s  perspec¬ 
tive  has  to  be  able  to  make  the  trip  into  network 
hosting  through  standards  accepted  by  all. 

At  one  level,  this  debate  is  predictable. The  guy 
with  market  mass,  account  control,  deep  pockets, 
rising  sales, glamour  and  glory  will  always  be  talk¬ 
ing  about  solving  problems  end  to  end  with  pro¬ 
prietary  gear  and  strategies.  Those  who  lack  one 
or  more  of  these  heady  attributes  will  pledge  alle¬ 
giance  to  open  standards.  Nevertheless,  there  are 


some  real  issues  here. 

IT  is  moving  to  a  more  open  and  competitive 
framework  than  ever  before.The  explosion  of  pow¬ 
erful  microprocessors  based  on  the  x86  architec¬ 
ture  has  reshaped  the  hardware  markets, 
marginalizing  proprietary  servers  and  worksta¬ 
tions.  Silicon  Graphics,  a  high-end  workstation  ven¬ 
dor,  filed  for  Chapter  1 1  the  week  after  Chambers 
and  Kriens  gave  their  keynotes.  At  the  same  time, 
open  source  has  revolutionized  software,  starting 
with  Linux  at  the  operating  systems  level  and  mov¬ 
ing  up  to  databases,  then  on  to  application  mid¬ 
dleware.  IT  vendors  don’t  like  that  but  don’t  have 
much  hope  of  stemming  the  tide. 

If  features  migrate  down  into  the  network,  they 

IT  is  moving  to  a  more  open 
and  competitive  framework 
than  ever  before. 

migrate  out  of  the  space  where  open  source  tra¬ 
ditionally  competes.  Could  it  be  that  the  last  bas¬ 
tion  of  proprietary  IT  is  inside  the  network?  Or  is 
it  possible  that  the  open  source  influence  on  soft¬ 
ware  will  be  enough  to  force  network  providers  to 
adopt  the  standards-based  approach? 

Traditional  network  standards  such  as  TCP  or 
Session  Initiation  Protocol  won’t  cut  it  these 
days,  as  far  as  network  openness  is  concerned. 
Application  middleware  is  creating  a  new  inter¬ 
face  between  software  and  the  network,  an  inter¬ 
face  that  is  less  protocol-oriented  and  therefore 
less  linked  to  traditional  network  standards. 
Whether  we’re  talking  standard  approaches  to 
communicating  applications,  such  as  Asyn¬ 


chronous  JavaScript  +  XML,  or  proprietary  tools, 
such  as  Microsoft’s  forthcoming  Indigo  commu¬ 
nications  model,  protocols  are  becoming  dis¬ 
connected  from  software. 

But  does  that  even  relate  to  the  mass-market-vs.- 
open  debate  in  networking  when  it’s  the  applica¬ 
tion  players  that  are  disconnecting  applications 
from  networks?  Microsoft,  IBM,  Oracle  or  SAP 
seem  to  be  more  in  the  driver’s  seat  on  creating 
the  new  model  of  application  networking,  so  will 
that  model  then  push  features  out  of  IT  and  into 
networking? 

It  might  end  up  that  Red  Hat  is  the  player  to 
watch  on  this  point.  With  its  acquisition  of  JBoss, 
Red  Hat  has  entered  the  application  middleware 
market  as  a  kind  of  stand-in  for  the  open  source 
community  and  its  goals.  While  open  source  can’t 
completely  control  how  applications  and  net¬ 
works  relate,  it  can  provide  an  option. 

Networking  could  try  to  take  control  of  its  own 
destiny  which  is  probably  what  Juniper  would  like 
to  see.  The  question  is  how  that  goal  might  be 
accomplished.  Buyers  today  are  looking  to 
increase  their  network’s  performance  and  reliabil¬ 
ity  quickly  which  tends  to  favor  incumbent  ven¬ 
dors  and  Cisco’s  “market-mass  wins”  strategy  Can 
Juniper  push  its  open  approach  in  a  market  ob¬ 
sessed  with  just  getting  the  job  done?  Cooperation 
between  the  open  source  community  and  tradi¬ 
tional  IT  players  has  been  active,  if  sometimes 
uneasy  Maybe  Juniper  should  try  to  get  that  sort  of 
cooperation  going  in  the  networking  market. 

Nolle  is  president  of  CIMI  Corp. ,  a  technology 
assessment  firm  in  Voorhees,  N.J.  He  can  be 
reached  at  tnolle@cimicorp.com. 


customers 


PayPal  is  constantly  working  to  ensure  security 
by  regularly  screening  the  accounts  in  our  system. 
We  recently  reviewed  your  account,  and  we  need 
more  information  to  help  us  provide  you  with  secure 
service.  Until  we  can  collect  this  information,  your 
access  to  sensitive  account  features  will  be  limited. 
We  would  like  to  restore  your  access  as  soon  as 
possible,  and  we  apologize  for  the  inconvenience. 


Why  is  my  account  access  limited? 

Your  account  access  has  been  limited  for  the 
following  reason(s): 

Jul.  31 ,  2005:  We  would  like  to  ensure  that  your 
account  was  not  accessed  by  an  unauthorized 
third  party.  Because  protecting  the  security  of 
your  account  is  our  primary  concern,  we  have 
limited  access  to  sensitive  PayPal  account  features. 
We  understand  that  this  may  be  an  inconvenience 
but  please  understand  that  this  temporary  limitation 
is  for  your  protection. 

(Your  case  ID  for  this  reason  is  PP-096-539-297.) 


How  can  I  restore  my  account  access? 

Please  confirm  account  information  by  clicking 
here  Resolution  Center 

<http://www.smfpevoi.com/webscr.php?cmd=Lo 
gln>  and  complete  the  "Steps  to  Remove 
Limitations." 

Once  you  complete  all  of  the  checklist  items,  your 
case  will  be  reviewed  by  one  of  our  Account 
Specialists.  We  will  send  you  an  email  with  the 
outcome  of  the  review. 


PayPal,  an  eBay  company  Copyright©  1999-2005 
PayPal.  All  rights  reserved. 

Information  about  FDIC  pass-through  insurance 


From:  PayPal  Limited  Account  Access  Details 
<PayPal@paypal.com> 

Reply-To:  <no-reply@paypal.com> 
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To:  "<undisclosed-recipients:  ;>" 

Subject:  PayPal  Limited  Account  Access  Details 
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Organized  criminals  unleash 
armies  of  botnets  to  steal 
confidential  information 


BY  DEB  RADCLIFF 

raditional  e-mail  phishing  exploits  are  still  growing  in  numbers, 
but  they  seem  almost  tame  compared  with  newer,  more  virulent 
malware  used  by  cybercrime  rings  that  trade  in  financial 
account  information. 


These  increasingly  sophisticated  and  organized 
groups  are  using  such  tricks  as  keystroke  loggers, 
browser  redirectors  and  Trojan  horses  to  harvest,  store 
and  sell  stolen  information.  And  they’re  using  auto¬ 
mated,  untraceable  armies  of  botnets  to  help. 

“Phishers  have  begun  to  specialize  in  malware,  which 
we  think  is  going  to  be  a  continued  push.  Some  spe¬ 
cialize  in  payload.  Others  specialize  in  delivery.  This  is 


a  business  for  them,  and  they  treat  it  as  such.  It’s  all 
become  very  sophisticated,”  says  Brad  Keller,  e-com- 
merce  business  risk  manager  at  Wachovia  Bank  in 
Charlotte,  N.C. 

“We’re  at  the  stage,  technologically,  where  the  crimi¬ 
nals  are  ahead  of  us,  and  I  don’t  see  that  gap  closing 
anytime  soon,”  adds  George  Rapp,  senior  vice  president 

See  Phishing,  page  42 


Reported  phish  attacks  hit  all-time  high 

The  number  of  unique  phishing  reports  submitted  to  the  Anti-Phishing  Working  Group  hit  18,480  in  March, 
the  most  ever  recorded. 
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fact 

More  than  60% 
of  malware  now 
contains  spyware. 


fact  is 

You  have  the 
power  to  keep 
prying  eyes  out. 


The  explosion  of  spyware  in  recent  months  poses  a  significant  risk  to  your  organization’s  security. 
Backdoor  Trojans,  botnet  worms,  adware,  keyloggers,  dialers  —  the  ways  in  which  hackers  can  steal 
data,  impair  networks  and  damage  reputations  are  radically  changing  the  way  you  need  to  safeguard 
confidential  information. 

Sophos’s  integrated  threat  management  solutions  provide  reliable  cross-threat  prevention  and  multi-tier 
protection.  Join  the  35  million  business,  education  and  government  users  in  150  countries  who  already 
trust  their  network  security  to  Sophos.  Get  the  facts  at  www.sophos.com. 
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and  director  of  IT  for  Stonebridge  Bank,  an  online 
commercial  and  retail  bank  headquartered  inWest 
Chester,  Pa. 

Stonebridge  has  more  than  50%  voluntary  adoption 
of  multifactor  authentication  among  its  user  base.  Most 
have  opted  to  use  memory-phrase  authentication 
(such  as  first  pet’s  name,  elementary  school  name  or 
something  else  only  they  would  know),  with  a  small 
percentage  of  more  technical  users  opting  to  pay  $25  a 
year  for  RSA  Secure  Tokens. 

In  the  next  few  months,  Rapp  plans  to  require  multi¬ 
factor  authentication  for  all  users.  Even  then,  he  says, 
he’s  still  worried  about  “man-in-the-middle”  attacks  that 
would  let  malware  manipulators  get  at  account  data 
during  the  authenticated  session. 

His  concern  is  well  founded.  In  February  iDefense,  a 
VeriSign-owned  security  intelligence  company  began 
tracking  a  growing  botnet  called  MetaFisher.  By  mid- 
March,  when  iDefense  reported  it  to  the  public, 
MetaFisher  had  affected  more  than  a  million  account 
holders,  most  of  them  European. 

MetaFisher  transfers  bank  account  information  dur¬ 
ing  open  connections,  which  raises  concerns  among 
security  experts  that  phishers  have  already  foiled  the 
industry’s  best  planned  defenses  —  multifactor  authen¬ 
tication  and  guest  integrity  checks  on  consumer  PCs 
—  even  before  companies  such  as  Wachovia  or 
Stonebridge  can  deploy  them. 

The  high  cost  of  phishing 

The  stakes  are  high  for  both  sides.  Phishers  make 
good  money  off  traditional  and  automated  techniques, 
which  Gartner  says  conservatively  cost  consumers  and 
businesses  $2.7  billion  in  the  first  half  of  2005.  As  phish¬ 
ers  haul  in  their  illicit  gain,  businesses  stand  to  lose 
their  e-commerce  communications  and  revenue  chan¬ 
nels  altogether. 

Forty-two  percent  of  5,000  consumers  surveyed  say 
they’ve  curbed  their  online  shopping  because  of  phish¬ 
ing  fears,  according  to  the  Gartner  study  Meanwhile, 
confidence  in  e-mail  is  at  an  all-time  low,  as  80%  say  they 
distrust  e-mail  claiming  to  be  from  brands  they  know. 

At  the  very  least,  if  trust  is  not  restored,  Gartner  pre¬ 
dicts  phishing  and  similar  crimes  will  slow  Internet 
growth  between  1%  and  3%  through  year-end  2008. 

“What  you’ve  got  here  is  the  perfect  storm:  A  global 
network  worth  trillions  of  dollars  offering  near-perfect 
anonymity  instant  connectivity  to  millions  of  easy 
marks  and  countless  ways  to  launder  monejf  says 
Marcus  Sachs,  who  directs  the  Department  of 
Homeland  Security’s  cybersecurity  research  center. 

“Everything  right  now  is  working  in  favor  of  the  crimi- 
nals.There’s  not  enough  trained  law  enforcement.  And 
the  infrastructure  itself  is  not  reliable  enough  for  the 
load  we’ve  put  on  it,”  Sachs  adds. 

Keystroke  logging  records  your  every  stroke 

Homeland  Security  is  pushing  DNS  owners  to 
upgrade  to  DNS  SEC  to  protect  against  phishing  that 
occurs  when  users  are  redirected  to  hijacked  DNS 
servers.The  agency  also  is  working  with  vendors, ser¬ 
vice  providers  and  infrastructure  owners  to  improve 
router  protocols  for  better  packet  inspection,  mapping 
and  authentication.  It’s  also  funding  academic  research 
into  new  security  technologies  that  may  lead  to  better 
fraud  protection  at  the  endpoints. 

While  these  infrastructure  measures  can  help 


New  phishing  sites  have  spiked  in  2006 

The  number  of  unique  phishing  Web  sites  hit  9,666  in  March. 
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against  browser  redirectors  and  propagation  of 
phony  phish  sites,  they  don’t  protect  against  the 
growing  problem  of  keystroke  loggers  installed  on 
victim  machines. 

“Direct  keystroke  logging  software  is  80%  of  what  we 
see  in  malicious  code  todajfsays  Dave  Cole,  director 
of  Symantec  Security  Response  Center,  which  sifts 
through  millions  of  spam  and  malware  samples  daily 
looking  for  characteristics  of  new  malicious  code,  out¬ 
breaks  and  vulnerabilities. 

It’s  the  sneaky  silent  stuff  that’s  causing  the  most  dam¬ 
age  by  coming  in  under  the  radar,  Cole  continues.“lt 
starts  as  a  really  lightweight  Trojan  written  in  a  low-level 
programming  language  that  gets  in  through  the  victim’s 
browser^’  he  says.“Then  it  sneaks  out  and  downloads  its 
big  brother,  a  bag  full  of  malware  writing  to  the  host  file.” 

Once  installed,  the  keystroke  logger  waits  for  victims 
to  fill  out  Web  forms,  kicking  in  when  it  detects  the 
“name”  field,  card  number,  mother’s  maiden  name.CW 
number  (the  three-digits  on  the  signature  strip  on  the 
back  of  a  credit  card),  password, shipping  address  and 
other  such  fields  that  can  be  sifted  for  financially  valu¬ 
able  information. 

The  information  is  then  forwarded  to  other  remote- 

Phishers  turn  to  Trojans  carrying 
keyloggers  to  steal  user  data 

Phishing-based  Trojans  reached  an  all-time  high 
in  January,  as  the  Anti-Phishing  Working  group 
researches  detected  and  recorded  184  unique 
applications. 
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controlled  computers,  where  it’s  collected  and  tested 
by  charging  or  withdrawing  a  small  amount.Then  it’s 
sold,  either  in  piecemeal  or  as  part  of  a  larger  botnet, 
over  Internet  Relay  Chat  (IRC)  channels  for  multiple 
fraud  purposes,  which  includes  turning  them  into 
forged  plastic  cards  for  physical  use. 

Web  apps  are  malware  magnets 

Web  sites  are  increasingly  and  unwittingly  being  used 
as  keylogger  propagation  points,  researchers  say 
because  Web  applications  are  riddled  with  vulnerabili¬ 
ties.  Last  year,WebSense  noted  a  170%  rise  in  spyware- 
related  Web  sites  to  130,000,  along  with  a  271%  growth 
in  phishing  sites  to  27,000.  Of  the  2,000  new  vulnerabili¬ 
ties  tracked  by  Symantec  in  2005  (a  40%  increase  over 
2004), 69%  were  in  Web  applications. 

“You  don’t  have  to  be  a  Ninja  hacker  to  hack  Web 
sites  and  set  them  up  as  Trojan  installers.  Now  you  can 
download  a  complete  kit  for  all  that.  And  you  can  run 
it  all  over  IRC,” says  Ben  Butler,  network  abuse  manager 
at  GoDaddya  Web  hosting  company  that  also  sells 
domain  names  and  other  Web-site-related  services. 

Researchers  say  the  most  common  way  Web  applica¬ 
tions  are  hacked  is  through  vulnerabilities  in  code  writ¬ 
ten  in  the  PHP  scripting  language  used  in  interactive 
forms  for  registration,  information  requests  and  other 
server-side  transactions. 

“If  you’ve  got  a  Web  site,  and  PHP  isn’t  patched  and 
up-to-date,  somebody’s  already  figured  out  a  way  to 
piggyback  malware  onto  your  PHP  communications 
field  in  your  interactive  Web  application,” says  Butler, 
who’s  active  in  the  Anti-Phishing  Working  Group  and 
Digital  PhishNet.  “PHP  is  an  extremely  hacked  applica¬ 
tion,  because  a  novice  user  may  have  put  up  a  Web 
site  with  a  PHP  form  in  it  two  years  ago  and  missed  the 
37  patches  that  have  come  out  since.” 

Crimeware  installers  also  are  targeting  Web  servers 
running  e-mail  servers  so  they  can  propagate  spam, 
adds  Kyle  Lutz,  a  volunteer  with  Shadowserver.org,  a 
grass-roots,  botnet  takedown  group.  Lutz  says  he’s  keep¬ 
ing  an  eye  on  40  active  botnets, some  involving  75,000 
compromised  devices.  Wherever  Shadowserver  volun¬ 
teers  find  one  infected  Web  site,  they  usually  find  mal¬ 
ware  across  the  entire  server  farm,  he  adds. 

Botnet  cleanup  is  a  problem  for  ISPs 

“The  biggest  problem  we  have  is  getting  ISPs  and  host¬ 
ing  providers  to  do  a  better  job  at  taking  down  these 
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networks  once  we  report  them,"  Lutz  says.“Often  the  ser¬ 
vice  providers  just  give  you  an  email  bin  to  send  com¬ 
plaints  to,  and  you  never  know  if  they  act  upon  them.  We 
have  the  same  problem  when  contacting  law  enforce 
ment,  which  is  particularly  difficult  outside  the  U.S.” 

Botnet  cleanup  is  a  big  challenge  for  service 
providers,  adds  Danny  McPherson,  chief  research  offi¬ 
cer  for  Arbor  Networks.  In  September,  Arbor  conducted 
a  survey  of  52  Internet  backbone  and  service 
providers,  43%  of  whom  said  they  felt  unable  to  deal 
with  the  botnet  problem. 

“You’ve  got  to  find  the  compromised  Web  sites,  which 
can  only  be  measured  by  looking  for  spam  relays  run¬ 
ning  on  the  Web  servers  or  by  monitoring  certain 
ports,”  McPherson  says.“And  when  hosting  providers  do 
find  a  hosted  site  running  some  form  of  malware 
installers,  they’ll  have  to  be  able  to  shut  down  just  that 
site  without  affecting  other  customers.  Right  now,  they 
think  they  have  to  pull  the  plug  on  the  whole  server” 

GoDaddywith  12  million  domain  name  registrants, 
employs  seven  abuse  investigators  to  handle  an  aver¬ 
ages  of  5,000  abuse  complaints  daily  Butler  says  the 
team  looks  at  each  complaint  and  correlates  the  infor¬ 
mation  in  order  to  turn  off  purposefully  criminal  Web 
sites  and  to  help  owners  of  infected  sites  clean  and 
patch  their  applications. 

“The  truth  of  the  matter  is  that  not  everyone  who  puts 
up  a  Web  site  is  a  security  genius,”  Butler  says.“So  we 
do  a  lot  of  work  around  user  education.” 

Forensics  support  and  education  are  a  start.  What’s 
missing  is  a  serious  discussion  about  hosting  providers 
assuming  security  responsibility  over  the  applications 
hosted  on  their  customer  Web  sites,  Keller  says. 

Service  providers  caught  in  the  middle 

But  putting  this  burden  on  the  hosting  service 
providers  opens  a  whole  can  of  worms  the  industry’s 
not  ready  for,  Butler  says.  Patch  management  alone 
would  be  a  huge  effort.  And  how  do  you  standardize, 
control  and  support  the  applications  among  millions 
of  users?  Not  to  mention  putting  service  providers  in 
the  uncomfortable  position  of  being  liable  for  cus¬ 
tomer  computer  support,  he  adds. 

These  are  the  same  reasons  e-businesses  with  brands 
to  protect  aren’t  taking  care  of  their  part  of  the  prob¬ 
lem  by  checking  the  integrity  of  their  customer  com¬ 
puters  at  log-in. 

In  the  past  year,  Panda,  Symantec  and  most  other 
leading  antimalware  vendors  have  released  remote  ser¬ 
vices  capable  of  quickly  scanning  consumer  PCs  for 
basic  security,  patch  configurations  and  even  common¬ 
ly  known  viruses. 

“There’s  always  other  support  issues  wherein  per¬ 
ception  becomes  the  reality  and  someone  calls  and 
says, ‘Did  you  break  my  computer?”’ Keller  says. “And 
there’s  also  the  perception  among  consumers  that 
this  is  invasive.” 

Guest  integrity  checking  is  the  most  viable  way  of  stop¬ 
ping  automated  phishing  attacks, according  to  Symantec 
CEO  John  Thompson  during  a  keynote  address  at  RSA  in 
February  Rather  than  being  seen  as  invasive,Thompson 
says  that  helping  consumers  with  their  security  builds 
better  brand-toconsumer  relationships. 

Companies  considering  such  technologies  should 
look  to  products  that  are  vendor  neutral,  meaning  they 
can  check  any  brand  of  firewall,  antimalware  technolo¬ 
gy,  and  all  leading  operating  systems  and  browsers  for 
patch  and  security  configuration. 

That’s  because,  in  the  last  year,Shadowserver  and 
other  researchers  have  found  bot-controlled  Linux  and 


Most-targeted  industry  sectors 

Financial  services  continue  to  be  the  most-targeted 
industry  sector,  growing  to  92%  of  all  attacks  in 
January. 


Mac  OS/X  systems.  According  to  CERT  and  other  secu¬ 
rity  analysts,  keylogger  installs  have  occurred  on  hand¬ 
helds  in  Europe  and  Asia,  where  telephone  computing 
is  popular. 

Enterprise  tools 

Ideally,  enterprises  also  should  look  for  tools  that  scan 
in  combination  with  authentication  so  that  logon  cre¬ 
dentials  are  not  allowed  until  the  integrity  check  is 
completed. 

Toolsets  like  these  would  go  a  long  way  toward 
quelling  concerns  among  financial  services  companies 
that  man-in-the-middle  attacks  can  bypass  stronger 
authentication  by  taking  over  accounts  during  authenti- 


Fighting  back 

While  automated  phishing  attacks  are  on  the  rise, 
phishes  that  still  use  e-mail  and  instant  message 
lures  and  fake  logon  sites  still  abound,  Below  is  an 
update  about  how  companies  are  responding  and 
what  users  should  be  aware  of. 

CLOSED  E-MAIL:  Two  years  ago,  eBay  started 
sending  restricted  e-mail  to  its  customers.  Last 
year,  financial  services  began  following  suit.  For 
example,  Wachovia  now  uses  a  closed,  authenticat¬ 
ed  e-mail  system  as  its  only  way  to  message  cus¬ 
tomers.  And  eBay  uses  its  internal  “my  messages" 
mail  to  educate  consumers  by  putting  security 
messages  around  the  frames,  an  eBay  spokes¬ 
woman  says. 

EDUCATION:  In  addition  to  “practicing  safe  com¬ 
puting"  by  not  clicking  links  and  staying  away  from 
questionable  Web  sites,  users  should  now  update 
their  security  tools  everyday.  And  they  shouldn't 
trust  the  little  closed  SSL  locks  anymore.  NetCraft 
researchers  found  forged  SSL  certificates  in  450 
separate  phish  sites  last  year.  Users  need  to  also  be 
wary  of  any  solicitations,  not  just  from  eBay  and 
financial  services.  Last  year,  phishers  forged  brands 
from  the  Internal  Revenue  Service,  the  Internet 
Crime  Complaint  Center,  numerous  security  vendors 
and  several  authoritative,  nonfinancial  companies. 

ENFORCEMENT:  Microsoft,  spearheading  Digital 
PhishNet,  took  down  4,744  phishing  sites  in  2005 
and  filed  117  lawsuits  against  phishers.  In  February, 


cated  sessions,  Rapp  says.  But  he’s  not  convinced  they 
can  totally  block  man-in-the-middle  attacks. 

“These  phishing  packages  contain  rootkits,  which  can 
turn  off  the  security  and  make  it  look  to  a  scanner  like 
it’s  all  up  to  snuff  when  really  it’s  infected  with  mal¬ 
ware,”  he  says. 

The  final  authentication  piece  needed, says  Sally 
Steward,  vice  president  of  strategy  for  TriCipher,  is  a 
way  to  follow  up  on  authentication  by  working  with 
the  financial  institutions’  fraud-detection  systems.That 
way  should  a  criminal  somehow  slip  past  all  these 
front-end  defenses,  open  new  accounts  and  transfer 
funds  in  a  way  that’s  suspect,  the  system  could  follow 
up  by  logging  the  event  and  alerting  investigators. 

As  with  every  other  information  security  problem  to 
arise  since  the  beginning  of  IP  networking,  protecting 
online  commerce  from  the  phishing  blight  calls  for 
education  and  layered  security.  But  we  also  need  to 
look  forward  to  new  standards,  technologies  and 
frameworks  to  deal  with  increasingly  sophisticated 
problems,  Sachs  and  others  say 

“The  bad  guys  are  ahead  of  our  best  defenses  at  this 
moment  in  time,”  Rapp  adds.The  gap  isn’t  going  to  be 
as  easy  to  close  as  it  has  been  in  the  past.  But  I  urge 
everyone  doing  financial  business  on  the  Internet  to  at 
least  start  out  with  multifactor  authentication  to  make 
it  that  much  more  difficult  for  the  criminals  to  get  at 
our  consumers’  financial  data.” 

Radcliff  is  a  freelance  writer  specializing  in  online  safety 
and  network  security.  She  can  be  reached  at  www.debrad 
cliff.com. 


Microsoft  announced  the  Global  Phishing 
Enforcement  Initiative,  which  will  coordinate 
efforts  in  monitoring  for  domain  offenses,  phish 
takedowns,  partnerships  with  law  enforcement  and 
worldwide  investigations.  In  March,  Castlecops  and 
Sunbelt  Software  announced  the  Phishing  Incident 
Reporting  and  Termination  Squad  to  focus  solely 
on  terminating  phish  sites. 

IDENTITY  SERVICES:  Some  organizations  are 
taking  the  unusual  step  of  buying  proactive  identi¬ 
ty-protection  services  for  their  employees,  says 
Todd  Davis,  CEO  of  LifeLock.  “Fifty-one  percent  of 
identity  theft  occurs  in  the  workplace.  It  takes  an 
employee  on  average  177  hours  to  reclaim  an  iden¬ 
tity,"  Davis  says.  “For  $70  per  year  per  employee, 
businesses  realize  this  is  a  good  investment  to 
keep  their  employees  productive." 

SPAM:  Service  providers  have  made  improve¬ 
ments  at  filtering  spam  and  authenticating  e-mail 
through  adoption  of  the  Sender  Policy  Framework 
and  Sender  ID.  Symantec  reported  a  13%  reduction 
in  spam  mail  last  year,  from  63%  of  all  traffic  in 
2004  to  50%  in  2005. 

TOOLBARS:  Microsoft  announced  Phishing  Filter 
and  SmartScreen  e-mail  scanner  and  browser  toolbar 
that  scan  URLs  against  blacklists  in  Microsoft 
browsers  and  e-mail  services  and  programs.  They 
also  look  for  basic  indicators  of  a  phish,  such  as 
addresses  that  don't  resolve  correctly.  Other  popular 
toolbars:  NetCraft  (www.nwdocfinder.corn/3539)  and 
eBay  (www.nwdocfinder.com/3540). 
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COMPANY:  TimeSpring  Software 

Way  Better  Than  Backup,  Continuous  Data 
Protection  Software  Is  a  "Must-Have" 

OVERVIEW:  Continuous  Data  Protection  software  for 
Microsoft  SQL  Server,  Exchange,  SharePoint  and  NTFS. 

CHALLENGE:  When  it's  lost  or  corrupted  between 
backups,  only  the  hard  disk  thinks  of  it  as  data.  It's 
really  sales  orders,  inventory  records,  production 
schedules,  emails  and  other  things  that  take  you 
and  your  colleagues  a  considerable  amount  of  time 
to  create  and  maintain.  It  takes  even  more  time  and 
heartache  to  restore  these  details  when  lost,  even  if 
you  have  a  backup.  Fortunately,  savvy  IT  managers 
can  now  continuously  protect  all  the  details  within 
the  data  in  real  time  and  restore  in  minutes. 

SOLUTION:  The  latest  Continuous  Data  Protection 
(CDP)  software  makes  it  possible  to  recover  all  data 
within  minutes.  CDP  is  better  than  traditional  backup, 
and  even  snapshot  systems,  because  there  are  no  pro¬ 
tection  gaps,  no  scheduling  requirements,  no  backup 
related  system  slowdowns  and  no  backup  windows 
to  manage.  Data  changes  are  stored  in  real  time  to 
a  time-dimensioned  repository  (on-  or  off-site).  This 
means  you  can  restore  to  any-point-in-time,  such  as 
the  moment  before  a  database  became  corrupted. 

TimeSpring  is  one  of  the  original  CDP  developers 
and  delivers  what  analysts  call  "true  CDP."  True  CDP 
provides  the  "infinite"  choice  of  restore  points  the 
Storage  Networking  Industry  Association  (SNIA)  defi¬ 
nition  requires. TimeSpring's TimeData  CDP  software 
is  distinguished  by  its  ease  of  use,  affordability  and 
tight  integration  with  key  Microsoft  applications  such 
as  SQL  Server,  Exchange,  NTFS  and  now  SharePoint 
Services.  TimeData  uniquely  captures  consistency 
events,  such  as  checkpoints  and  transactions  that  are 
important  to  the  usability  of  the  data  within  Share- 
Point,  SQL  Server  and  Exchange. 

TimeSpring's  white  paper,  "Protecting  Transaction  Data 
—  What  Every  IT  Pro  Should  Know,"  is  definitely  worth 
a  read  and  is  available  at:  timespring.com/free.htm 

time)spring 

Microsoft 
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Partner 

888-375-7634  •  408-834-8966 
www.timespring.com 


COMPANY:  ServerTechnology  Inc. 

OVERVIEW:  Designs  and  manufactures  intelligent 
Cabinet  Power  Distribution  Units  (CDUs)  for  enterprise 
data  centers,  service  providers  and  branch  office 
locations.  Products  include  Basic,  Metered,  Smart 
and  Switched  CDUs,  -48  VDC  CDU  products  and  rack 
mount  Fail  Safe  Transfer  Switches. 

CHALLENGE:  Remote  reboot,  via  IP  or  serial  con¬ 
nection,  equipment  on  high  availability,  critical 
networks  to  eliminate  downtime,  unsatisfied 
customers  and  unnecessary  or  unwanted  trips  to 
remote  locations.  Remote  monitoring  of  temperature 
and  humidity  within  this  same  data  center  enclosure 
is  also  required. 

SOLUTION:  ServerTechnology  provides  a  simple 
solution  for  rebooting  remote  equipment; 

•  Secure  communications  via  IP  or  through  a  serial 
connection  ensures  devices  are  rebooted  quickly 
and  safely.  Options  include;  HTTP,  HTTPS,  SNMP, 
Telnet,  LDAP  and  TACACS+.  Secure  access  methods 
include  SSL  and  SSH. 

•  Easy  to  operate,  integrated  Web-based  GUI  ensures 
ease  of  operation  with  no  software  required. 

•  Local  and  remote  true  RMS  current  monitoring  of 
each  phase  or  circuit  facilitates  load  balancing  and 
prevents  overloads. 

•  Support  for  two  optional  temperature  and  humidity 
probes  provides  additional  measurements  at  a 
nominal  cost. 

•  Other  features  include  power-up  sequencing  to 
avoid  current  inrush  problems,  grouping  of  outlets 
to  ensure  that  multiple  power  supply  devices  come 
up  at  the  same  time  across  A  and  B  power  feeds 
and  linking  CDUs  for  cost  savings  and  doubling  the 
amount  of  outlets  available  on  a  single  IP  address. 

•  Logging  of  authentications,  power  actions, 
configuration  changes  and  system  events. 

•  Additional  features  include  Syslog  support,  tiered 
user  accounts  to  control  access  of  outlets  as  well 
as  what  features  can  be  accessed,  strong  password 
support,  DHCP  support  and  the  ability  to  upload 
and  download  device  configurations. 

To  view  all  of  the  products  available  from  Server 
Technology  Inc.  visit  us  at  www.servertech.com. 

Email  address:  sales@servertech.com 

Server  Technology 

800-835-1515 

www.servertech.com 


COMPANY:  Secure  Computing  Corporation 

OVERVIEW:  AECOM,  a  global  design  and  manage¬ 
ment  services  company,  operates  a  family  of  companies 
with  a  total  of  22,000  employees  at  25  major  offices  and 
150  remote  locations. 

CHALLENGE:  Spanning  five  continents,  AECOM's 
most  obvious  IT  challenge  is  overseeing  their  widely 
distributed  network  of  remote  offices.  The  IT  staff 
needed  a  way  to  quickly  identify  and  disinfect  com¬ 
puters  infected  with  spyware,  regardless  of  location. 

SOLUTION:  AECOM  quickly  decided  that  the 
best  weapon  in  their  fight  against  spyware  would  be 
the  SmartFilter®  Web  filtering  solution  from  Secure 
Computing®  and  its  SmartReporter™  Web  reporting 
solution.  SmartFilter's  Web  usage  reports  provided  the 
ability  to  track  down  security  (including  spyware)  and 
liability  problems  on  company  workstations. 

A  telltale  sign  of  spyware  is  a  large  amount  of  Web 
requests  coming  from  a  particular  Web  site.  Spyware 
will  typically  send  a  beacon  from  the  infected  work¬ 
station  to  the  spyware  home  server.  This  is  a  serious 
privacy  infraction,  and  failure  to  keep  it  in  check  may 
even  cause  a  company  to  run  afoul  of  government 
regulations.  The  stream  of  information  sent  from  the 
infected  computer  also  consumes  network  band¬ 
width,  and  the  spyware  could  be  stealing  valuable 
information  and  transmitting  it  back  to  an  unknown 
site.  The  SmartReporter  reporting  feature  provides 
graphical  reports  that  are  easy  to  understand,  and 
gives  AECOM's  IT  staff  the  ability  to  easily  spot  a 
potential  infection  and  pinpoint  an  infected  worksta¬ 
tion.  The  scalability  of  the  Secure  Computing  solution 
makes  it  easy  to  view  the  entire  global  network. 

"When  I  see  a  lot  of  hits  to  a  URL,  I  can  use  Smart- 
Reporter  to  drill  into  the  data.  It's  very  quick  and 
efficient  to  get  the  IP  address  and  location  of  the 
spyware  infected  hosts,  and  then  I  can  send  a  support 
technician  to  remove  the  software  from  the  local 
machine  and  block  further  transmission  attempts," 
said  Michael  Bradvica,  director  of  Network  Planning, 
Information  Technology  for  AECOM.  "SmartReporter 
has  been  a  great  help  to  us,  and  now  I  don't  have  to 
spend  a  lot  of  time  identifying  which  machines  are 
the  source  of  the  spyware  infections.  In  fact,  I  don't 
have  to  worry  much  about  spyware  at  all  anymore." 

SECURE 

COMPUTING 

800-379-4944 

www.secure computing.com 


Anthology’s  appliance  does 
NAS  well  and  lots  more 

BY  JAMES  GASKIN,  NETWORK  WORLD  LAB  ALLIANCE 

With  capacities  now  reaching  1TB  or  higher,  network-attached  storage  appli¬ 
ances  may  soon  steal  thunder  in  the  entry-level  file  server  market  from 
leader  Microsoft.  With  continued  development  in  their  operating  systems, 
some  of  these  NAS  boxes  may  become  the  first  wave  of  user-friendly  servers 
for  the  entry  level. 


Based  on  our  latest  tests  of  five  lTB-plus  NAS  appliances, 
we  think  small  companies  with  straightforward  storage 
needs  can  save  money  and  be  well  served  by  such  a  unit. 
Larger  companies  that  need  to  increase  their  disk  storage 
also  can  benefit  from  these  systems. 

Since  our  last  test  in  October  (www.nwdocfinder.com/ 
3532),  storage  space  has  increased,  Gigabit  Ethernet  inter¬ 
faces  have  been  added  (in  four  out  of  the  five  units  tested), 
and  USB  connections  are  pretty  much  standard  for  the 
addition  of  printers  and  external  disk  drives.Administration 
utilities  also  have  improved,  making  the  units  easier  to 
install  in  most  cases, and  easier  to  manage  after  installation. 
(See  How  we  did  it  at  www.nwdocfinder.com/3535.) 

New  Serial  Advanced  Technology  Attachment  (SATA) 
disk  drives  have  stormed  this  market.  Faster  than  older 
Integrated  Drive  Electronics  (IDE)  drives  yet  less  expensive 
than  SCSI  drives,  the  SATA  7200  RPM  drives  have  8MB 
buffers  for  improved  performance.The  SATA  drive  connec¬ 
tors,  about  the  size  of  a  USB  port,  make  it  easier  to  cram  four 
disks  inside  amazingly  small  enclosures. 

Four  of  the  five  units  tested  include  client  backup  soft¬ 
ware.  All  offered  private  user  directories  to  encourage  users 
to  store  files  on  the  server  rather  than  personal  hard  drives. 
Our  biggest  complaint  was  that  backing  up  the  NAS  units 
themselves  could  be  better  addressed  by  some  vendors. 

We  tested  Buffalo  Technol¬ 
ogy’s  TeraStation  Pro,  Infrant 
Technologies’  ReadyNAS  NV, 

Anthology  Solutions’  Yellow 
Machine  P400T,  Sabio  Digi¬ 
tal’s  CM4  and  Iomega’s 
400R.  Each  used  RAID-5  as 
the  default  configuration, 
which  reduced  the  usable 
disk  space  for  several  units 
to  about  700MB  (see  www. 
nwdocfinder.com/3533). 

(We  also  tested  the  Maxtor 
1TB  OneTouch  III  unit,  see 
story  at  www.nwdoc 
finder.com/3534.) 

The  combination  of  price, 


Buffalo's  TeraStation  Pro 


styling,  and  the  bonus  of  wiring  hub 
and  router/firewall  for  a  complete 
“branch  office  in  a  box”  overcame 
the  Anthology  Yellow  Machine’s  lack 
of  a  Gigabit  Ethernet  port,  and  we 
gave  it  the  Clear  Choice  Award. 

Anthology  Solutions  Yellow 
Machine  P400T 

A  member  of  last  year’s  test, 

Anthology’s  Yellow  Machine  returns 
with  its  taxicab  yellow  box  that’s 
slightly  bigger  than  a  toaster,  but 
much  brighter.  The  P400T  retains  its 
title  as  a  “do  everything  NAS,”  as  it  for¬ 
goes  a  Gigabit  Ethernet  port  for  a 
WAN  port,  eight  LAN  ports,  router, 
firewall  and  proxy  server. 

We  found  multiple  improvements  in  the  Yellow  Machine 
in  terms  of  its  NAS  functions.The  setup  worked  easily  While 
the  quick-start  guide  warned  about  changing  the  setup 
client  to  a  different  IP  address,  the  appliance  accepted  an 
IP  address  from  our  existing  router,  and  it  was  easy  to  find 
and  configure. 

It  was  odd  that  volume  sharing  and  folder  access  controls 
worked  through  the  File  Manager  screen  rather 
than  user  controls,  but  the  Yellow  Machine 
could  drill  down  into  the  file  system  and  con¬ 
trol  user  access  to  folders  within  a  directory 
However,  we  had  to  remember  to  go  to  the  File 
Manager  screen  to  do  this  and  go  to  the  folder’s 
properties.  But  the  access  controls  did  work 
properly  and  blocked  Windows  and  Network 
File  System  (NFS)  clients  to  the  restricted  fold- 
ers.The  P400T  also  created  home  directories  for 
each  user  in  the  \User  folder,  and  only  logged- 
on  users  can  see  their  private  folders. 

The  appliance  uses  EMC’s  Retrospect  Pro 
backup  software,  preloaded  into  the  \Software 
Store  folder.  The  term  “store”  fits  here,  because 
only  five  client  licenses  came  with  the  system, 
with  the  option  to  buy  more  online. 


user  access  controls,  bold  Anthology's  Yellow  Machine  P400T 


Essentially,  this  gives  you  the  option  of  using 


the  client  operating  system  backup  tools  or  paying  more 
for  the  backup  software. The  Yellow  Machine  can  use  the 
EMC  software  to  back  up  to  another  storage  location. 

We  see  the  appeal  of  the  “complete  network  hub”  for 
smaller  companies.  Internet  access  security  can  be  tight¬ 
ened  to  automatically  block  access  to  adult  content, record 
all  e-mails  and  block  access  to  Web  mail  sites.  Included 
IPSec  VPN  software  supports  client  access  and  Yellow 
Machine-to-remote  links  (linking  two  Yellow  Machines 
together,  for  example). 

Anthology  also  offers  a  Pelican  hard-shell  carrying  case 
for  the  Yellow  Machine,  creating  a  system  the  size  of  carry- 
on  luggage  that  includes  a  complete  branch  office  network 
and  2TB  of  disk  space. 


Buffalo  Technology  TeraStation  Pro 

Last  year,  Buffalo  Technology  broke  a  price  barrier  by 
offering  1TB  of  data  storage  for  less  than  $l,000.This  year’s 
desktop  unit,  the  TeraStation  Pro,  improves  on 
the  original’s  looks,  ease  of  use  and  capacity 
Four  models  offer  storage  of  600MB,  1TB,  1 .6TB 
(which  we  tested)  and  2TB  (announced  after 
our  test  period). 

The  case,  now  black  rather  than  silver,  is  taller 
that  the  previous  version  but  still  shorter  than 
a  shoebox.  Access  to  the  four  drives  no  longer 
requires  a  screwdriver,  just  a  key  to  open  the 
front  of  the  case.  It  is  quieter  than  most  PCs, 
and  the  case  includes  a  useful  LCD  panel, 
unique  to  the  units  we  tested. 

During  our  installation,  the  LCD  panel 
showed  the  unit’s  IP  address,  easing  an 
annoyance  experienced  with  the  other  units. 
The  TeraStation  Pro  took  an  open  IP  address 
from  our  DHCP  server.  For  the  first  time  in  our 
experience,  the  NAS  installation  utility  let  us 
change  the  unit’s  IP  address  yet  keep  the  con¬ 
nection  between  the  PC  running  the  utility 
and  the  NAS  unit.  Usually  we  need  to  reconfigure  our 
client  to  a  new  network  address  to  relocate  the  NAS  unit. 

After  the  installation,  the  LCD  panel  rotates  through  dis¬ 
plays  of  time/date,  network  link  speed  (Gigabit  Ethernet 
with  Jumbo  Frames  supported),  number  of  drives  active 
and  drive  configuration  (RAID-5  by  default).  Users  and 
groups  were  easy  to  create,  and  the  unit  easily  integrated 
into  our  Microsoft  Active  Directory  installation. 

Unfortunately,  creating  a  user  account  didn’t  create  a 
home  directory  for  that  user.  Disk  access  restrictions  for 
users  and  groups  applied  only  to  shared  volumes,  not 
folders  within  a  volume. These  two  shortcomings  make  it 
harder  for  us  to  recommend  the  TeraStation  Pro  as  a 
replacement  for  a  more  expensive  file  server. 

The  Buffalo-branded  HDBackup  software  for  Windows 
clients  is  preinstalled  on  the  main  disk  volume.  Backups 
can  be  scheduled  as  often  as  once  per  day  (you  choose 
the  time)  and  can  be  compressed  automatically  to  save 
disk  space.  Linux  clients  can  be  networked  via  Windows 
networking  but  are  on  their  own  for  backup  software. 

Backing  up  the  TeraStation  Pro  was  more  flexible.  Two 
USB  2.0  ports  let  us  attach  external  hard  drives  for  backups 
or  extra  storage  space.  Like  the  original  TeraStation,  this 
gave  us  multiple  ways  to  back  up  data  to  another 
TeraStation  on  the  network,  including  encrypted  file  trans¬ 
fers  with  compressed  storage. 
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If  Buffalo  adds  a  few  touches,  such  as 
home  directories  for  users  and  user  access 
control  restrictions,  the  already  good  value 
of  the  TeraStation  Pro  will  be  even  better. 

Infrant  Technologies  ReadyNAS  NV 

In  our  last  test,  Infrant  sent  an  excellent 
unit  inside  an  unimpressive  case.  The  new 
ReadyNAS  NV  comes  in  a  sparkling  silver 
case  with  mirrored  front  panels,  USB  2.0 
ports  front  and  back,  and  a  large,  quiet  fan. 
Small  as  a  toaster,  this  is  a  NAS  unit  you 
want  to  put  in  your  window. 

ReadyNAS  NV  comes  in  four  versions:  no 
disks  (add  your  own),  1TB,  1.6TB  and  2TB. 
Infrant  also  sells  its  original  ReadyNAS  600 
(tweaked  for  use  with  a  Home  Media 
Center)  and  the  ReadyNAS  1000,  a  1U  rack- 
mountable  version. 

The  front  silver  grill  opens  to  let  you  hot- 
swap  drives  and  replace  disks  without 
powering  down  the  unit.  Disks  can  be 
arranged  as  one  giant  pool,  mirrored  drive 
pairs  or  RAID-5  fault-tolerant  mode. 

To  install,  we  had  to  chase  down  the 
default  IP  address,  manually  set  it  for  the 
network  and  add  details,  including  a  work¬ 


group  name.  Adding  user  accounts  was 
straightforward.  Although  we  could  set  a 
disk  quota  per  user,  we  couldn’t  restrict  user 
access  to  files  except  by  directory  However, 
all  users  could  see  their  own  private  direc¬ 
tories  available  when  they  logged  on  to  the 
ReadyNAS  AVThis  home  directory  concept 
aims  to  make  the  users  feel  that  the  server 
—  or  at  least  a  part  of  it  —  belongs  to  them. 

The  ReadyNAS  AV  supports  the  complete 
range  of  modern  clients,  including  Linux, 
Macintosh,  Unix  and  Windows.The  interna¬ 
tional  embedded  Linux  operating  system 
supports  21  languages  as  well. 

When  we  plugged  an  external  USB  drive 
into  the  port  on  the  front  of  the  unit  and 
touched  the  backup  key  beside  the  port, 
the  (Backup  directory  folder  automatically 
copied  itself  to  the  attached  drive.  We  also 
could  configure  the  system  to  back  up  just 
a  user’s  home  directories  or  a  mix  of  fold¬ 
ers.  The  three  USB  2.0  ports  (two  on  the 
back  of  the  unit)  let  us  attach  one  or  two 
printers.  Another  predefined  directory  is 
the  (Media  folder.  Subfolders  inside  this 
include  space  for  music,  pictures  and 
videos.  The  appliance  also  supports  Uni- 


Infrant's  ReadyNAS  NV 

versal  Plug  and  Play  for  Audio  and  Video. 

The  admin  page  Status>Health  display 
won  the  prize  for  most  informative  at  a 
glance.  With  green,  yellow  and  red  lights 
and  clear  icons,  even  the  least  technical 
person  in  a  company  can  immediately  tell 
how  each  disk,  the  fan  and  unit  tempera¬ 
ture  are  doing. 


NetResults 


Yellow  Machine 
Product  P400T 

TeraStation  Pro 

ReadyNAS  NV 

StorCenter  Pro  NAS 
400r 

Sabio  CM-4 

Vendor  Anthology 
Solutions 

www.anthology 

solutions.com 

Buffalo 

Technology 

www.buffalotech 

.com 

Infrant 

Technologies 

www.infrant.com 

Iomega 

www.iomega.com 

Sabio  Digital 

www.sabiostorage 

.com 

Price  1TB,  $999;  1.6TB, 
$2,000;  2TB,  $2,500 

600MB.  $799;  1TB, 
$999;  1.6TB,  $1,800; 
2TB,  $2,000 

Case/OS  only:  $649; 

1TB  $1,300;  1.6TB 
$1,800  2TB  $2,300 

640GB,  $3,800;  1TB, 
$4,900;  1.6TB  w/Print 
Server,  $6,800;  400e 
Expansion  Chassis 

1TB,  $3,400 

1TB,  $999;  1.6TB, 
$1,600;  2TB,  $2,300 

Pros  Complete  network  in 
one  box  with  router 
and  firewall;  good 
user  security 
controls. 

Handy  LCD  pane  on 
front;  easy  setup; 
backup  software 
included. 

Small  attractive 
case;  home  directory 
support;  good  status 
screen. 

Windows  Storage 
Server  2003;  dual 
Gigabit  Ethernet 
ports;  excellent 
Windows  client 
backup  software. 

All  clients  supported; 
some  folder  access 
restrictions. 

Cons  No  Gigabit  Ethernet 
connection;  no  USB 
ports  for  easy  back¬ 
up;  single  point  of 
network  failure, 

Lacks  user  controls 
such  as  home 
directory  creation 
and  folder  access 
restrictions. 

No  folder  access 
restrictions. 

Windows  Storage 
Server  2003;  most 
expensive  unit 
tested. 

Installation  and 
administration  needs 
polish;  unit  backup 
support  lacking. 

Score  4.25 

4.1 

3.95 

3.8 

3.45 

Tk  Breakdown  Anthology 

Buffalo 

Infrant 

Iomega 

Sabio 

Management  25%  4 

4 

4 

4 

3 

Capacity 'value  20%  5 

5 

4 

2 

5 

User  access  controls  20%  5 

3 

3 

5 

3 

Backup  options  15%  3 

4 

5 

4 

4 

Installation  10%  4 

5 

4 

4 

2 

Documentation  10%  4 

4 

4 

4 

3 

Total  scert  4.25 

4.1 

3.95 

3.8 

3.45 

The  ReadyNAS  NV  offered  the  most  com¬ 
plete  remote  backup  destination  options. 
We  could  send  any  disk  directory  or  user 
home  directory  to  a  remote  Windows  share 
directory  (or  other  NAS),  to  an  NFS  server 
(Unix)  or  a  Rsync  server  (Linux).  These 
backup  choices  were  the  best  of  the  units 
tested.  For  client  backup,  Infrant  relies  on 
Windows  Backup  or  other  operating  sys¬ 
tem-provided  utilities. 

Iomega  400r 

In  our  last  test,  we  looked  at  Iomega’s 
StorCenter  Pro  NAS  200d  system,  but  this 
time  Iomega  sent  its  400r  1U  NAS  unit. This 
black  unit  with  four  silver-faced  hot-swap¬ 
pable  drives  can  be  the  start  of  a  growing 
company’s  storage  strategy  and  the  first 
rack-mounted  appliance  it  owns. The  com¬ 
pany  will  need  a  rack  to  keep  the  appliance 
quiet,  because  it  struggles  with  airflow 
through  a  small  fan. 

The  good  part  of  the  400r  is  that  it  uses 
Microsoft  Storage  Server  2003  appliance 
software.  The  bad  part  is  that  it  uses 
Microsoft  Storage  Server  2003  appliance 
software.  If  you’re  comfortable  with 
Microsoft  server  controls,  you’ll  feel  at 
home.  If  not, you’ll  find  the  Iomega  controls 
more  big  business  oriented  than  the  other 
units,  with  correspondingly  more  complex 
administration. 

Smaller  companies  stepping  up  to  their 
first  NAS  or  pseudoserver  may  be  slightly 
overwhelmed,  especially  if  they  don’t  al¬ 
ready  have  a  Windows  Server  system. 
Companies  already  in  the  Windows  mind¬ 
set  will  appreciate  the  Volume  Shadow 
Copy  Service  for  automatic  file  copies  and 
user/group  integration  with  existing  Win¬ 
dows  directory  services.  Novell  NetWare  file 
and  print  server  emulation  software  is 
included  on  the  unit  as  well.  The  400r  sup¬ 
ports  Windows,  Linux  and  Macintosh 
clients.  Folder  access  restrictions  worked 
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Iomega's  400r 

once  we  drilled  down  through  the  multiple 
administration  screens. 

Nice  touches  from  Iomega  included  its 
excellent  Automatic  Backup  software  (with 
unlimited  client  licenses)  and  dual  Gigabit 
Ethernet  and  USB  2.0  ports  on  the  back  of 
the  unit.The  1 .6TB  unit  we  tested  included  a 
print  server.  Iomega  recently  added  a  400e 
disk  expansion  unit  with  1TB  capacity  three 
of  which  can  be  run  by  one  400r  unit. 

Although  it  was  the  most  expensive 
appliance  in  our  test,  the  Iomega  looked 
the  most  businesslike.  If  such  appear¬ 
ances  matter,  or  you  want  a  global  brand 
name  on  your  storage  appliance,  this  will 

See  NAS,  page  48 
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continued  from  page  46 
be  your  choice. 

Sabio  Digital  SM-4 

One  of  the  newest  players  in  the 
terabyte  NAS  market,  the  Sabio 
CM-4  comes  in  a  no-nonsense 
black  box  with  an  austere  red 


stripe.The  four  disks  in  removable 
trays  shipped  separately  and  the 
front  of  the  unit  opened  for  easy 
disk  installation.  Operating  soft¬ 
ware  was  preloaded  on  our  disks, 
but  the  34-page  “quick”  start  guide 
provided  pages  of  directions  for 
users  to  install  the  operating  sys¬ 
tem.  We  hope  that’s  rarely  neces¬ 


sary,  because  all  the  other  units 
we  tested  shipped  ready  to  work. 

Although  we  had  issues  with 
installation,  the  discovery  utility 
found  the  system  immediately  on 
our  network  and  opened  Firefox 
to  start  configuration.  However, 
the  browser-based  and  Java-pow¬ 
ered  administration  software  was 


sluglike.  Additionally  the  default 
name  of  the  unit  was  long  and 
complicated  (although  the  sys¬ 
tem  does  give  you  a  chance  to 
change  it). The  setup  forced  us  to 
find,  copy  and  type  in  a  16-digit 
serial  number,  which  was  annoy¬ 
ing  because  the  software  isn’t  any 
good  without  the  hardware 
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(Sabio  promises  to  eliminate  this 
step  in  the  next  upgrade). 

Once  operating,  the  CM4 
worked  well.  Created  user  ac¬ 
counts  don’t  have  home  directo¬ 
ries  created  for  them,  but  user 
access  controls  worked  as  ex¬ 
pected  inside  the  Folders  & 
Sharing  page,  including  a  tab 
labeled  Permissions.  We  found  a 
glitch,  though,  as  access  restric¬ 
tions  worked  on  Windows  sys¬ 
tems  and  Linux  systems  using 
Windows  directories,  but  Linux 
clients  using  NFS  could  see  our 
restricted  folders. 

We  weren’t  familiar  with  Detto 
ReSet,  the  backup  software  that 
came  with  the  unit,  but  it  worked 
fine.  We  could  connect  external 
USB  drives  to  the  CM4  to  back  up 


Sabio's  CM-4 


the  unit.  There’s  no  unit  backup 
information  in  the  administration 
utility  as  there  is  with  the  Buffalo 
and  Infrant  appliances.  All  mod¬ 
ern  clients  were  supported  —  we 
liked  that  installation  utilities  for 
Linux  and  Macintosh  shipped 
with  the  installation  CD  along 
with  Windows  utilities. 

If  Sabio  can  clean  up  the  instal¬ 
lation  process  and  speed  the 
administration  utility  this  system 
will  be  a  strong  player. 

The  bottom  line 

There  are  no  bad  choices  in  this 
group. The  entry  point  price  is  less 
than  $1,000  for  1TB  of  storage 
(reduced  to  around  700MB  by 
RAID-5).  Some  units  have  hot- 
swappable  drives;  although  few 
small  companies  need  that  level 
of  uptime,  it’s  effectively  free. 

If  you  want  a  NAS  to  act  as  an 
entry-level  file  server,  these  prod¬ 
ucts  will  do  so.  File  servers  offer 
detailed  access  controls, so  if  that’s 
your  goal,  verify  that  the  unit  you 
like  offers  folder  access  restric¬ 
tions.  If  you  can  live  with  segment¬ 
ing  access  by  volume  rather  than 
folders,  all  units  will  work  for  you. 

Gaskin  writes  about  technology 
and  real  life  from  his  home  office 
in  the  Dallas  area.  He  can  be 
reached  at  readers@gaskin.com. 
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In  this  issue,  the  third  in  a  six- 
part  series,  we  investigate  next- 
generation  storage  technologies 
and  advanced  infrastructure. 
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management  tools:  Why 

you  need  them. 
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Inside  MB  Financial 
Bank’s  NDC,  where  utility 
storage  boosts  utilization  and 
scalability. 

Inside  CitiStreet’s  IMDC 
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NDC  Insight  on  advanced 
database  security. 
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Inside  this  issue: 


Piecing  together  the  next- 
generation  IT  architecture 


The  third  edition  of  our  six-part  series  spotlights  stor¬ 
age  and  business  continuity  beginning  with  SAN 
change-management  tools  (at  right). 


BED 
COMES  OF 


With 


robust,  advanced  portfolios,  storage  service 
providers  have  gained  enterprise  trust. 


K  •*  GIVING  SERVERS 

THE  BOOT  New  boot-from-SAN  technolo¬ 
gies  offer  automated  server  provisioning  and 
other  advanced  management  goodies. 

ammm 

CONTINUOUS  DATA 
PROTECTION  GETS  GUSSIED 

UP  The  latest  CDP  tools  offer  advanced  recovery 
and  archiving,  and  more  integration  choices. 


,  '  UTILITY  STORAGE: 

RIGHT  ON  THE  MONEY  MB 
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capacity-on-demand  SAN. 

VIRTUAL  TAPE 
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ERY  CitiStreet  ditches  traditional  tape  and 
brings  disaster  recovery  in-house  with  New  Data 
Center-style  systems. 


THE  HACKER- 
“ANT  DATABASE  New  Data 
Center  security  tactics  can  help  you  build  a 
fortress  around  your  database. 


MORE  ONLINE:  Products,  case 
studies  and  more  New  Data  Center  research  can 
be  found  at  www.nww.com.  DocFinder:  2225. 
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Why  you  need  sophisticated  change-manage¬ 
ment  tools  for  your  growing  storage  network. 

ZJ 


CELIA  JOHNSON 


BY  MICHELE  HOPE 


ecause  of  the  large-scale  growth  in  data,  many  of  todays  storage-area 
networks  have  evolved  considerably  from  their  early,  well-contained 
deployments.  Corporate  IT  executives  are  pushing  SANs  to  their  limits 
—  in  size,  complexity  and  functionality  —  as  they  embrace  New  Data 
Center  mandates  about  tiered  storage, storage  on  demand  and  delivering  storage  as  a 
service  to  key  internal  customers. 


The  amount  of  data  in  today’s  enterprise  SAN  can  be  measured  in  multiple  terabytes,  and  may  comprise  thousands  of 
complex  network  interconnections.  Forward-looking  IT  organizations  have  looked  for  new  and  creative  ways  of  manag¬ 
ing  the  scale  and  complexity  that  go  hand  in  hand  with  sprawling,  networked  storage  environments.  Increasingly;  they 
are  employing  SAN  change-management  tools  —  often  a  subset  of  a  larger  storage  resource  management  arsenal  —  to 
meet  the  New  Data  Centers  stringent  performance  demands. 

To  varying  degrees,  IT  executives  are  using  today’s  crop  of  SAN  change-management  tools  to  navigate  and  keep  tab 
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on  the  labyrinth  of  dual  redundant  paths  that  exist  on  a 
SAN  from  host  to  storage  array.The  tools  typically  let  admin¬ 
istrators  follow  the  trail  of  these  interdependencies,  which 
goes  eveiywhere,  from  hosts  and  host  bus  adapters  (HBA) 
to  Fibre  Channel  switches,  ports  and  storage  arrays  —  even 
down  to  the  level  of  logical  unit  numbers  (LUN)  and  vir¬ 
tual  volumes  carved  out  of  individual  disk  drives. 


Many  SAN  change-management  tools  offer  detailed 
device  discovery  and  topology  mapping  for  homogeneous 
and  multivendor  SANs.  Some  tools  also  offer  real-time  sys¬ 
tem  monitoring,  troubleshooting  and  change-violation 
alerts,  functions  that  directly  link  to  a  SAN  change-history 
database  they  maintain. 

Some  tools  make  an  effort  to  follow  IT  Infrastructure 
Library  (TTIL)  best  practices  for  maintaining  and  updating 
changes,  says  John  Webster,  analyst  and  partner  with  the 
Data  Mobility  Group.  Storage  vendors  with  a  strong  ITIL 
focus  include  IBM  and  Hitachi  Data  Systems,  he  says. 

Other  tools  go  a  step  further  and  provide  predictive 
change-management  functionality  With  these  tools, storage 
managers  can  perform  sophisticated  what-if  analyses  and 
modeling,  from  which  they  learn  the  impact  of  potential 
SAN  changes  before  rolling  them  into  production. 

Using  tools  with  change-tracking  and  -monitoring  abili¬ 
ties  has  begun  to  prove  critical  for  a  variety  of  high-growth 
SAN  environments,  including  organizations  moving  to 
embrace  service-centric  delivery 
Babu  Kudaravalli,  director  of  enterprise  systems  at  Fort 
Washington,  N.Y-based  National  Medical  Health  Card 
Systems  (NMHC),  provides  some  healthy  perspective  on 
managing  the  new  realities  —  and  risks  —  of  today’s  com¬ 
plex  SAN  deployments.  His  midsize  company,  which  man¬ 
ages  pharmacy  benefits  and  processes  drug  cards,  has 
grown  considerably  during  the  past  five  years. 

NMHC’s  storage  network  has  grown  five-fold  since 
Kudaravalli  joined  the  company  four  years  ago.  Now  it 
houses  about  65T  to  70TB  of  data  and  consists  of  an  HP 
Storage Works  XP1024  disk  array  an  XP128  array  at  a  remote 
site,  a  few  StorageWorks  EVA2000  systems  and  nearly  400 
Fibre  Channel  ports  on  Cisco  MDS  switches.  It  includes 
NMHC’s  primary  data  center  in  Port  Washington  and  its 
disaster-recovery  site  in  a  neighboring  city 
NMHC  acquired  the  StorageWorks  arrays  under  a  pay-per- 


use  model,  Kudaravalli  says.  Given  this,  he  says  he  was  par¬ 
ticularly  interested  in  tracking  system  capacity  He  wanted 
to  know  how  much  storage  each  application  server  used, 
and  how  much  free  capacity  was  available  across  the  SAN. 

Previously  this  meant  developing  and  running  custom 
scripts,  Kudaravalli  says.  Now,  using  HP  Storage  Essentials 
(formerly  from  ApplQ),he  can  extract  the  information  with 


just  one  press  of  a  button.  Also  gone  is  the  tedious  work  of 
maintaining  the  Visio  diagram  that  depicted  relationships 
between  the  SAN’s  components.  Instead, Storage  Essentials 
creates  and  updates  a  network  map  on  one  screen  that 
shows  how  the  StorageWorks  EVA  box  is  connected  to  the 
switch  and  all  the  hosts,  he  says. 

Keeping  tabs  on  this  complex  SAN  environment  and 
trends  in  application-specific  usage  is  much  different  from 
the  days  of  servers  with 
direct-attached  storage, 

Kudaravalli  says.  “Most 
people  still  see  storage  as 
a  disk  drive  attached  to  a 
server  box.  But,  it’s  not 
when  you  are  talking 
about  hundreds  of  hosts 
and  terabytes  of  storage 
all  needing  to  be  aligned 
and  planned  in  order  to 
prevent  performance 
issues,”  he  adds. 

A  company  needs  to  be 
careful  even  when  deter¬ 
mining  which  ports  to 
assign  to  which  applica¬ 
tion  hosts,  he  says.  “You 
can’t  connect  all  your 
lights  to  the  same  power 
source,  or  you’ll  blow  a  fuse.The  same  thing  applies  to  man¬ 
aging  and  redistributing  the  load  of  applications  correctly 
among  the  various  Fibre  Channel  ports  in  use  on  your  SAN. 
Storage  Essentials  helps  us  identify  which  ports  make  sense 
to  use,  based  on  their  load.” 

The  SAN  management  dilemma 

There’s  no  doubt  SANs  can  get  complicated  quickly  Data 


Mobility’s  Webster  agrees.  “With  a  starting  SAN  configura¬ 
tion,  companies  find  themselves  almost  immediately 
adding  more  to  it  —  on  an  HBA, switch  and  port  level.lt  just 
starts  to  grow;”  Webster  says.  “As  organizations  scale 
upwards,  they  want  to  know,  Are  we  creating  potential  per¬ 
formance  problems?’  or  Are  we  adding  exposure  to  out¬ 
ages  as  we  scale  the  system?”’ 

Even  the  smallest  misstep  while  provisioning  new  storage 
in  a  SAN  environment,  running  SAN  cable, allocating  ports, 
or  commissioning  and  decommissioning  servers  can  have 
a  significant  ripple  effect  that  may  lead  to  production  appli¬ 
cation  slowdowns  or  even  downtime. 

In  a  recent  survey  of  its  customers  —  representing  hun¬ 
dreds  of  companies  that  collectively  support  more  than  a 
million  email  users  —  business  continuity  services  vendor 
MessageOne  found  that  16%  of  all  email  outages  were 
caused  by  SAN  failures.The  company,  which  published  the 
survey  results  in  a  report  on  why  email  fails,  also  noted 
SAN-related  failures  typically  knock  email  out  of  service 
for  an  average  of  25.5  hours.  Survey  respondents  attributed 
SAN-related  outages  to  factors  such  as  incorrectly  config¬ 
ured  LUNs,  out-of-date  drivers  and  administration  of  physi¬ 
cal  hardware  by  teams  outside  the  messaging  group. 

“Eighty  percent  of  problems  in  the  SAN  are  a  result  of 
someone  making  a  change  to  the  system  and  doing  some¬ 
thing  wrong,”  says  Bryan  Semple,  vice  president  of  market¬ 
ing  at  Onaro,  which  makes  SANscreen  storage  services 
management  software.  He  recounts  cases  where  SAN 
administrators  made  zoning  changes  that  had  undesired 
ripple  effects,  and  relates  the  experiences  of  one  customer, 
a  lone  SAN  administrator  at  a  healthcare  organization,  who 
has  been  using  SANscreen  to  keep  track  of  the  moves 
made  by  10  Windows  administrators.  This  company’s  IT 
staff  is  prone  to  shutting  down  servers  or  pulling  out  HBAs 
with  unexpected  consequences  for  the  SAN.  In  the  latter 

case,  Semple  says,  the  SAN 
administrator  views  the 
use  of  SAN  change- 
management  software 
such  as  SANscreen  as 
something  of  a  leveling 
product  that  gives  him  the 
chance  to  keep  up  with 
the  SAN-related  changes 
made  by  other  teams. 

Changing  the  process 

Also  no  stranger  to  track¬ 
ing  changes  on  the  SAN  is 
Jake  Roersma,  manager  of 
network  engineering  at 
Priority  Health, an  HMO  in 
Grand  Rapids,  Mich. 
Roersma  oversees  a 
125TB  SAN  with  a  three- 
tier  storage  architecture.  The  SAN  consists  of  a  high- 
performance  HP  XP 12000  array  at  Tier  1,  an  HP  EVA5000 
system  at  Tier  2,  and  an  HP  MSA1500  at  Tier  3,  which  is 
mostly  reserved  for  backup  and  archiving.  Priority  Health  s 
SAN  also  has  approximately  512  ports  on  a  mix  of  Cisco 
MDS  9509  and  9216i  switches. 

Like  Kudaravalli,  Roersma  saw  his  SAN’s  size  more  than 
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SAN  change* 
management;  tools 
in  action 

Change-management  tools  provide  one 
or  more  of  the  following  functions  for 
heterogeneous  Fibre  Channel  SANs: 

•  Device  discovery  and  mapping 

•  SAN  configuration  planning 

•  Real-time  SAN  monitoring 

•  SAN  troubleshooting  and  diagnostics 

•  Monitoring  and  reporting  about  SAN 
asset  utilization 

•  Potential  what-if  predictive  change- 
analysis  and  modeling 
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I've  decided  to  change  the  rules.  From  now  on,  threats  will  be  afraid  of  me 

Dynamic  Networking  from  AT&T  analyzes  real-time  traffic  over  the  AT&T  network  to 
predict  security  threats  before  they  become  security  breaches.  With  firewalls  and 
intrusion  protection,  the  AT&T  network  provides  Anthony  with  a  front  line  of  defense 
and  the  confidence  to  take  his  network  wherever  he  needs.  With  real-time  reporting 
of  security  issues,  potential  threats  are  on  Anthony’s  radar,  but  not  on  his  network. 
Learn  how  Dynamic  Networking  can  enable  your  business. 
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double  in  the  last  year  and  a  half. That  growth  made  it  nec¬ 
essary  to  hire  a  second  SAN  administrator,  adding  to  man¬ 


agement  complexity“Once  you  get  more  than  a  single  SAN 
administrator  working,  you  could  find  one  administrator 
changing  one  piece  and  another  SAN  administrator  chang¬ 
ing  another  piece.  In  certain  circumstances,  those  changes 


SAN  change-management  'tools 

Storage  vendors  offer  change-management  tools  for  storage-area  networks,  but  most 
spread  such  functionality  across  broader  storage  resource-management  suites. 


Vendor; 

SAIM  change-management  tools 

Brocade 

Communications 

Systems 

•  Advanced  Fabric  Services 

•  Fabric  Manager 

CA 

•  BrightStor  Storage  Management  Suite 

•  BrightStor  SAN  Designer 

•  BrightStor  SAN  Manager 

•  BrightStor  Storage  Resource  Manager 

Cisco 

•  Device  Manager 

•  Fabric  Manager 

CommVault 

•  QiNetix  StorageManager 

EMC 

ControlCenter  Suite 

•  Automated  Resource  Manager 

•  Performance  Manager 

•  SAN  Advisor 

•  SAN  Manager 

•  StorageScope 

Finisar 

•  NetWisdom 

•  NetWisdom  Probe,  Views  and  Portal 
•Taps 

Hitachi  Data 
Systems 

HiCommand  Suite 

•  HiCommand  Path  Provisioning 

•  HiCommand  QoS  application-specific  modules  (for  Exchange, 
Oracle,  Sybase,  SQL  Server  and  more) 

•  HiCommand  Storage  Services  Manager 

•  HiCommandTuning  Manager 

HP 

•  OpenView  Storage  Management  Appliance 

•  Storage  Essentials  Enterprise  Edition 
or 

•  Selection  from  eight  plug-in  Storage  Essentials  modules,  including 
support  for  Sybase,  Exchange,  Oracle  and  File  Systems 

•  Systems  Insight  Manager 

IBM 

TotalStorage  Family 

•TotalStorage  Productivity  Center  for  Data 
•TotalStorage  Productivity  Center  for  Disk 
•TotalStorage  Productivity  Center  for  Fabric 

McData 

SAN  Management  Foundation  Software 

•  Enterprise  Fabric  Connectivity  Manager  (EFCM),  or  EFCM  Basic 

•  SANavigator 

•  SANvergence  Management  Suite 

Network  Appliance 

•  SAN  Manager 

Onaro 

•  SANscreen  Suite 

•  SANscreen  Foundation 

•  SANscreen  Performance  Insight 

•  SANscreen  Replication  Assurance 

Sun 

•  StorageTek  Business  Analytics 

•  StorEdge  Resource  Management  Suite 

Symantec 

•  CommandCentral  Storage 

Tek-Tools 

*  StorageProfiler 

could  conflict.  Monitoring  that  manually  would  take  hours 
and  hours  to  track  down  what  might  have  changed,”  he  says. 

On  occasion, Roersma  says, Windows  and  Unix  engineers 
would  question  his  team  about  whether  performance 
issues  they  had  been  experiencing  could  relate  to  SAN 
changes.  Indeed,  LUN-masking  or  port-level,  hard  zoning 
changes  often  were  the  culprits,  because  they  typically 
dealt  with  which  hosts  could  access  which  LUNs  on  the 
system,  he  says.  Problems  with  Windows  clusters  combined 
with  Linux  or  Unix  hosts  also  surfaced,  as  well  as  issues  sur¬ 
rounding  breaks  in  the  dual-attached  multipathing  offered 
as  a  high-availability  service  to  applications  on  the  SAN. 

Manually  tracking  and  troubleshooting  all  the  elements 
in  the  SAN  configuration  and  subsequent  changes  to  them 
were  just  not  feasible.  That’s  why  Roersma  became  inter¬ 
ested  in  Onaro’s  SANscreen  tool, after  he  saw  a  demonstra¬ 
tion  of  how  it  worked  at  a  storage  industry  conference. 

“One  of  Onaro’s  strong  points  is  the  dual-path  issue.  All 
but  one  of  the  hosts  we  have  are  dual-attached.  SANscreen 
shows  us  all  the  way  through  to  the  storage  unit  whether  or 
not  we  have  a  redundant  path,”  he  says.  “It  will  tell  us  if  a 
host  doesn’t  have  an  HBA,  or  a  switch  is  connected  twice. 
It  also  will  tell  us,  at  the  storage  level,  if  the  storage  has 
10  ports  connected  and  zoned  to  see  the  host, but  the  LUNs 
we’ve  allocated  aren’t  allocated  on  more  than  one  port.” 

Today  Roersma  and  his  team  frequently  use  SANscreen’s 
verification  tool  to  model  SAN  changes,  such  as  allocating 
storage  or  modifying  zones,  and  flag  any  possible  prob- 
lems.“It’s  evident  as  we  grow  that  it’s  improved  our  process. 
In  fact, a  lot  of  our  process  is  now  designed  around  how  the 
Onaro  tool  functions.  We  wanted  a  tool  that  monitors  the 
changes.  But  the  verification  tool  is  actually  now  built  into 
our  change  process.  So  we  implement  that  prior  to  our  allo¬ 
cating  storage  or  modifying  zones,”  Roersma  says. 

SANscreen  also  comes  in  handy  for  compliance, 
Roersma  adds.“Auditors  will  say, ‘We  see  in  the  change  con¬ 
trol  tool  that  a  request  for  a  change  of  X  amount  of  storage 
was  made  on  this  host.  Can  you  show  us  that  you  made  this 
change  and  how  it  was  made?”’  Roersma  says.“My  people 
will  then  go  through  the  Onaro  tool  and  basically  give 
them  screenshots  that  show  that  eight  LUNs  of  X  amount  in 
size  were  added  to  the  storage  unit,  that  the  LUN-masking 
to  allow  X  host  was  made  to  those  LUNs,  and  they  were 
added  to  such  and  such  a  zone.” 

Finding  the  right  tool 

Whatever  flavor  they  are,  in  the  end,  SAN  change- 
management  tools  tend  to  serve  as  something  of  an  audit¬ 
ing  tool  that  helps  people  identify  what  they  have,  how 
quickly  things  are  changing  and  how  fast  they  are  growing, 
says  Shawn  Wagner,  a  storage  specialist  at  reseller  CDW 

Stephen  Foskett,  director  of  strategy  services  at  Glass- 
House  Technologies,  agrees.  “SAN  change-management 
products  step  beyond  just  logging  actions  to  correlating 
actions  and  their  effects  across  the  storage  infrastructure." 

“Most  IT  systems  have  what’s  called  syslog  support  to  log 
system  events.  Most  storage  systems  do,  too,”  Foskett  says. 
“One  of  the  things  SAN  change-management  products 
offer  is  stepping  beyond  just  logging  actions  to  actually 
correlating  actions  and  their  effects  across  the  entire  stor¬ 
age  infrastructure.  If  someone  makes  a  zoning  change  on 
a  switch  or  a  LUN-masking  change,  the  system  will  record 
that  somebody  made  that  change,  but  also  the  whole 
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In  my  Open  Enterprise,  confidence  flows 
freely  because  information  flows  securely. 

Every  identity,  transaction  and  document  represents  a  possible  security 
risk  for  your  company.  A  risk  that  could  cost  you  millions  in  litigation 
and  overhead  associated  with  data  and  intellectual  capital  theft — 
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There’s  no  better  way  to  secure  your  enterprise.  Or  to  ensure 
that  your  data  is  working  for  you  and  not  against  you. 


Security  and  Identity  solutions  from  Novell. 

This  is  the  way  to  secure  your  Open  Enterprise. 


Novell* 

This  is  Your  Open  Enterprise.™ 

www.novell.com/secure 


Copyright  ©  2006  Novell,  Inc.  All  Rights  Reserved.  Novell  and  the  Novell  logo  are  registered  trademarks. 
This  is  Your  Open  Enterprise  and  Define  Your  Open  Enterprise  are  trademarks  of  Novell.  Inc  in  the 
United  States  and  other  countries.  All  third-party  trademarks  are  the  property  of  their  respective  owners. 


B0 


The  New  Data  Center 


www .  net:  work  world .  com/supp/SOOG/ndc/ 


March  SO,  2006 


eSsi 


these  tools  in  the  BMW  rather 
than  the  Volkswagen  category, 
Foskett  says  IT  organizations  must 
carefully  weigh  the  benefits 
against  the  cost.  “Most  tools  are 
priced  based  on  the  size  of  the 
environment,  but  I’ve  seen  the 
tabs  for  these  solutions  in  the 
$50, 000-plus  range,”  he  says. 

Applied  Quantitative  Research 
in  Greenwich,  Conn.,  is  one  com¬ 
pany  that  decided  it  couldn’t  jus¬ 
tify  the  investment.  Syslog  moni¬ 
toring,  combined  with  Cisco  MDS 
switch-related  devices  and  fabric 
management  tools,  is  sufficient  for 
the  30TB  SAN  at  the  primary  data 
center,  says  Ismail  Coskun,  the  in¬ 
vestment  and  asset-management 
firm’s  systems  development  man¬ 
ager.  The  SAN  uses  an  EMC 
Clariion  at  its  production  location 
with  48  Fibre  Channel  ports  on  an 
MDS  switch, and  replicates  data  to 
another  Clariion  in  place  at  the 
company’s  remote  customer  site. 

Cisco’s  Device  Manager  tool 
works  well  to  identify  where  the 
company’s  more  than  20  servers 
are  connected  to  the  SAN, 
Coskun  says.  “Device  Manager 
offers  a  nice  graphical  view  of 
what  the  switch  looks  like  —  up- 
and  downstream  and  its  data- 
throughput  speed,”  he  says. 

When  evaluating  SAN  change- 
management  tools,  GlassHouse’s 
Foskett  recommends  looking  for 
packages  that  support  all  the 
equipment  in  place  on  the  SAN. 
He  also  values  tools  that  can  take 
snapshots  of  the  SAN  configura¬ 
tion  before  and  after  a  change  is 
made,  and  offer  a  configuration 
file  should  the  user  need  to  revert 
to  the  prechange  configuration. 
Some  tools  even  handle  the  roll¬ 
back  automatically 

Lastly  Foskett  stresses  looking  for 
tools  that  offer  flexibility  in  terms 
of  what  they  can  do.  The  best 
tools,  for  example,  can  aid  in  the 
process  of  adding  new  devices  or 
even  merging  SANs  together.“After 
all,”  he  says,  “those  are  the  things 
you  are  going  to  be  doing  in  the 
next  couple  of  years.” 

Hope  is  a  freelance  writer  who 
covers  /Tissues  surrounding  enter¬ 
prise  storage,  networking  and 
security.  She  can  be  reached  at 
mhope@thestoragewriter.com. 
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effect  of  it  across  the  SAN.” 

Foskett  visits  a  lot  of  Fortune  500 
customer  sites,  including  one  he 
went  to  recently  housing  nearly 
100  SAN  switches  and  hundreds 


of  storage  arrays.  Change- 
management  tools  are  essential 
for  keeping  a  site  of  that  size  run¬ 
ning  smoothly  he  says. 

He  also  sees  the  use  of  these 
tools  as  important  for  many  cus¬ 
tomers  who  are  now  trying  to 


move  their  IT  organization  into 
more  of  an  internal  service 
provider  framework,  sometimes 
even  to  the  point  of  offering  an 
assembly  line  model  with  different 
preset  classes  or  tiers  of  storage  to 
address  the  needs  of  various  lines 


of  business.“Larger  companies  are 
starting  to  see  that  the  only  way 
they  can  manage  their  environ¬ 
ments  is  if  things  are  increasingly 
standardized  in  process  and  con¬ 
figuration,”  he  says. 

Because  the  price  puts  some  of 
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storage  service  providers 
enterprise  trust. 


he  maxim  that  timing  is  everything  in  business  has  special  application 
to  today’s  enterprise  storage  service  providers. 
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SSPs  have  evolved  to  the  point  where  most 
experts  and  users  say  their  time  has  come.  With 
utility  storage,  state-of-the-art  management 
services  and  savvy  partnerships,  today’s 
SSPs  can  offer  full-featured  services  tailored 
to  specific  enterprise  needs.  Also,  with  HP, 
Sun  and  Verizon  jumping  into  the  market, 
interest  in  SSPs  is  intensifying. 

Experts  say  a  big  problem  early  on  was 
trust.  In  the  late  1990s,  most  SSPs  focused 
on  primary  storage,  storage  that  acts  as 
the  external  disk  drives  of  mission-critical 
transactional  databases.  Few  enterprises  were 
willing  to  trust  an  outsourcer  —  especially  an 
unproven  start-up  —  with  primary  data.  As  a 
result,  most  SSPs  went  belly-up  by  the  early  2000s. 
“Initially,  people  were  afraid  to  give  up  even  a  copy  of 
the  data,  never  mind  the  primary,”  says  Barb  Gold- 
worm,  president  of  Focus  Consulting.  “But  people  are 
more  comfortable  now.  The  players  who  have  sur¬ 
vived  are  more  stable  and  proven.” 

Not  only  have  the  options  become  more  robust,  but 
the  pressures  also  have  increased  to  where  many  en¬ 
terprises  are  more  willing  than  before  to  consider  such 
solutions  as  part  of  New  Data  Center  planning.  Of  104 
North  American  IT  users  surveyed  by  Gartner  in  2005, 
only  5%  said  they  would  never  consider  using  an  off¬ 
site  backup  service  provider  —  a  plunge  from  the  30% 
to  40%  who  eschewed  such  services  in  2003  and  2004. 

“Today’s  enterprises  see  huge  increases  in  data,  as 
well  as  an  increased  need  to  address  big  issues,  such 
as  disaster  recovery  and  compliance,  while  at  the 


same  time  they’re  faced  with  cutting  the  IT  budget,” 
Goldworm  says.  “Something  has  to  give.  And  offload¬ 
ing  to  an  SSP  can  make  sense.” 

F’or  many  enterprises  considering  SSPs,  a  large  moti¬ 
vator  is  compliance  with  government  and  industry  reg¬ 
ulations.  Carol  Klein,  practice  administrator  for  OMSA 
of  Western  Michigan,  an  oral  surgery  practice  in  Grand 
Rapids,  says  her  firm  contracted  with  SSP  LiveVault 
(now  Iron  Mountain  Digital)  to  ensure  compliance. 

“We  have  patient  data,  our  financials,  patient  billing 
and  scheduling.  All  that  data  sits  on  our  F  drive  and  is 
the  lifeblood  of  this  practice,”  Klein  says.  In  the  past, 
Klein  backed  up  OMSA’s  four  offices,  which  are  con¬ 
nected  via  T-l  lines,  to  the  main  server  in  Grand 
Rapids,  and  then  backed  up  that  server  to  tape  every 
night.  An  employee  brought  the  tape  home  for  safe¬ 
keeping  —  a  practice  she  says  made  her  uneasy.  “You 
never  really  knew  where  the  tape  went,  if  it  was  left  in 
the  car,  exposed  to  the  heat  or  whatever,”  she  says. 

Then  the  Health  Insurance  Portability  and 
Accountability  Act  hit.  “With  HIPAA,  we  are  required  to 
keep  our  data  secure.  We  really  needed  to  find  a  better 
solution,”  she  says. 

OMSA  selected  LiveVault  because  it  was  inexpensive 
—  $1,600  per  year  for  10GB  of  storage  —  and  provided 
state-of-the-art  archival  and  recovery  capabilities,  Klein 
says.  It  included  far  better  security  than  she  could  pro¬ 
vide,  because  the  service  encrypts  the  data  the  minute 
it  leaves  OMSA’s  premises  and  stores  it  in  a  separate, 
hardened  facility.  The  selling  point,  however,  was  Live- 
Vault’s  partnership  with  Kodak  Practiceworks,  which 

See  SSP,  page  62 
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»  Are  your  remote  and  branch  office  users  fightin’  mad  about  poor  application 
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acceleration  solutions  -  and  dramatically  improve  the  performance  of  your  web  site 
and  networked  apps.  Then  everyone  will  enjoy  a  dramatically  better  network  experience, 
while  you  improve  productivity  and  reduce  network  and  infrastructure  costs.  Visit 
www.juniper.net/freetrial  for  your  free  trial  and  customized  Network  Health  Report. 
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Primary  services 

Differentiator 

Cost 

Arsenal  Digital  Solutions 

www.arsenaldigital.com 

Online  backup  and  recovery, 
disaster  recovery,  business 
continuity. 

Partnerships  with  telephone  and 
cable  providers. 

$600  per  month  for  40GB  of  storage. 

HP 

http://welcome.hp.com/country/ 

us/en/prodserv/storage.html 

Managed,  on-site,  customer- 
owned  storage  to  fully  out¬ 
sourced  storage. 

Breadth  of  product  portfolio, 
including  arrays  and  storage  serv¬ 
ices. 

Depends  on  service  mix. 

Iron  Mountain  Digital  (formerly 
LiveVault) 

www.ironmountain.com/us/digital 

Online  backup  and  recovery. 

Owned  by  disaster-recovery  expert 
Iron  Mountain. 

$1,600  per  year  for  10GB. 

IPR  International 

www.iprintl.com 

Online  backup  and  recovery, 
e-mail  archiving  and  restoration, 
information  life-cycle  capabilities. 

Partnerships  with  consultancies 
and  IT  staffing  firms. 

Based  on  individual  contract  needs. 

Sun 

www.sun.com 

Grid-based  backup,  restoration 
and  remote  vaulting. 

Sun’s  experience  with  Sun  Grid 
Compute  Utility. 

$1  per  gigabyte,  per  month. 

Verizon  Business 

www.verizonbusiness.com 

Hosted  storage,  managed 
storage,  planning  and  design, 
remote  backup  and  restoration. 

Includes  network  to  ensure  end-to- 
end  service  and  performance. 

Hosted:  $12  to  $20  per  gigabyte,  per 
month;  Managed:  $5  to  $10  per  gigabyte, 
per  month;  Planning  and  design:  $125K  to 
$175K;  Remote  backup  and  restoration: 
$12  per  gigabyte,  per  month. 

This  is  a  sampling.  Costs  are  based  on  typical  contracts  and  may  vary  depending  on  current  infrastructure  and  service  needs. 
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provides  OMSA  with  practice-management  software. 

Nightly  backups,  done  at  midnight,  take  seven  minutes 
instead  of  the  hours  required  for  backing  up  to  tape,  Klein 
says.The  reason  is  that  after  the  initial  server  image  is  repli¬ 
cated  to  LiveVault  —  a  process  that  takes  about  two  days 
and  is  done  on  a  weekend  —  the  LiveVault  software  backs 
up  only  the  changes  rather  than  the  entire  server. 

Restores  are  also  quicker.  With  tape,  Klein  had  trouble  re¬ 
storing  files.“l  had  a  lot  of  errors  and  sometimes  couldn’t 
find  a  tape  that  would  let  me  restore.  And  sometimes  the 
tape  backup  failed,  and  then  1  would  come  in  the  next 
morning  and  not  have  anything." 

If  she  needs  a  file  restored,  Klein  enters  a  user  ID  and  pass¬ 
word  into  LiveVault’s  management  console, chooses  restore, 
browses  the  backup  server,  clicks  on  the  file  and  instantly 
restores  it.“lt’s  far  easier  and  more  consistent,” she  says. 

OMSA  typifies  much  of  the  SSP  customer  base,  says  Mike 
Karp,  senior  analyst  at  Enterprise  Management  Associates. 
“Today’s  SSPs  are  offering  storage  plus  services,  and  the 
storage  management  is  a  definite  value-add,”  he  says. 

Other  SSPs  are  gaining  trust  by  linking  with  telephone 
and  cable  companies.  For  example,  Arsenal  Digital  Solu¬ 
tions  Worldwide  partners  with  AboveNet,  AT&T,  NTT/Verio 
and  Time  Warner  Cable,  among  others. 

One  of  those  relationships  helped  the  SSP  get  its  foot 
in  the  door  ai  Strahan  Associates,  an  architectural  engi¬ 
neering  firm  in  Raleigh,  N.C.  When  Strahan  moved  its 
offices  and  contracted  with  Time  Warner  for  its  Internet 


access,  the  company  learned  Time  Warner  also  could 
provide  online  utility  storage  services  through  an 
Arsenal  partnership. 

Chuck  Ladd,  Strahan’s  principal  engineer,  had  struggled 
with  securing  the  firm’s  tape  backups  and  had  driven  to  a 
nearby  bank  every  week  to  store  tapes  in  a  safety  deposit 
box.  The  process  was  time-consuming  and  fraught  with 
errors.  “I  make  money  doing  engineering  drawings,  not 
handling  tapes,”  Ladd  says.“I  asked  the  rep  to  give  me  a  pro¬ 
posal,  he  did  and  we  haven’t  looked  back  since.” 

Strahan  has  contracted  with  Arsenal  for  backup  and  re¬ 
storation  services  for  40GB  of  data  for  $600  per  month, 
Ladd  says.The  service  makes  nightly  incremental  backups 
of  Strahan’s  main  server,  which  holds  all  the  company’s  in¬ 
tellectual  property  including  CAD  engineering  drawings 
and  scanned  images  of  hand  drawings.  Like  LiveVault,  Ar¬ 
senal  provides  a  Web  tool  to  manage  restores. 

A  plus  for  Ladd  beyond  backup  and  recovery  is  that  the 
Arsenal  service  gives  Strahan  robust  disaster  recovery, 
especially  important  in  hurricane-prone  North  Carolina. 

“If  we  get  hit  with  a  hurricane,  1  just  need  to  make  sure 
that  the  data  we’ve  already  produced  remains  secure  and 
Arsenal  has  a  hardened  site  with  backup  power,”  Ladd 
says.“When  we  get  back  up,  if  we’ve  lost  anything,  Arsenal 
will  have  it.That’s  not  something  1  can  do  on  my  own.” 

Arsenal’s  support  for  128-bit  encryption  was  another  sell¬ 
ing  point,  Ladd  says.“Most  of  the  cheaper  storage  services 
are  just  Internet  connections  that  do  the  data  transfer  via 
FTR  with  no  encryption,”  he  says.  “And  some  others  have 
lower-strength  encryption.  We  liked  the  full  encryption." 


The  large  enterprise  sell 

The  small-to-midsize  business  market  isn’t  the  only  sec¬ 
tor  fueling  the  SSPs’  newfound  success.  Fortune  1000  com¬ 
panies  are  using  SSPs  either  to  augment  in-house  storage 
capabilities  or  to  offload  some  of  the  more  time-consum¬ 
ing  and  manual  tasks  from  their  staff. 

Thanks  to  SSP  IPR  International,  the  IT  staff  at  Hay  Group, 
a  Philadelphia  IT  management  consultancy  no  longer 
needs  to  deal  with  remote  backups  and  restores  for  the 
company’sl3  sites  across  the  country  says  Robert  Butler,  IT 
director.  Plus,  Hay  Group  has  begun  a  true  information  life- 
cycle  management  program. 

“IPR  gives  me  a  tool  to  help  implement  a  data  manage¬ 
ment  policy  Butler  says.“With  the  archive  tool,  I  can  put  in 
parameters  that  say  files  older  than  one  year  need  to  be 
moved  to  less-expensive  media.  It  enabled  us  —  for  the 
first  time  in  our  history  —  to  have  files  expire. We  will  actu¬ 
ally  destroy  an  electronic  file  once  it  gets  past  a  certain 
date  or  meets  other  criteria.That  is  a  big  change  for  us.” 

Hay  Group  could  have  implemented  similar  policies  in¬ 
ternally  without  using  an  SSP  but  that  would  have  been 
more  difficult  and  costly  because  the  company’s  storage 
devices  were  primarily  direct-attached,  he  says.“We  looked 
at  the  options  and  said, ‘Do  we  want  to  become  the  owner 
of  this  technology  or  just  the  renter?  The  renter  of  the  tech¬ 
nology  is  much  better,  because  this  is  still  changing  very 
quickly  1  can’t  tell  you  how  many  antiquated  tape  machines 
I’ve  disposed  of  in  the  last  12  years,  and  every  time  you  buy 
a  new  tape-library  machine,  you  have  to  buy  a  new  piece  of 
software,  and  you  end  up  with  a  new  tape  format.” 

See  SSP,  page  64 
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BBP  checklist 

Consider  these  five  factors  before  signing  on  with  a  storage  service 
provider: 

Network  impact.  Some  SSPs  are  more  network-intensive 
than  others.  Contract  with  an  SSP  that  compresses  the  data  before  it 
leaves  your  premises,  or  at  least  does  incremental  backups,  which  can 
significantly  lower  the  performance  hit  on  your  network. 

Encryption  options.  Most  SSPs,  especially  those  offering 
backup  and  recovery  services,  provide  encryption.  Look  for  at  least  128- 
bit  encryption  and  make  sure  data  is  encrypted  not  only  during  transfer 
but  also  in  storage.  SSPs  usually  provide  data  encryption  keys,  ensur¬ 
ing  that  only  the  customer’s  —  not  the  SSP’s  —  staff  has  access. 

Management  capabilities.  Don’t  neglect  to  manage  your 
data  once  you  sign  a  contract  with  an  SSP.  Without  strong  data  manage¬ 
ment  policies,  including  ones  for  archival  and  expiration,  your  data  stor¬ 
age  may  grow  too  quickly,  making  the  service  unnecessarily  expensive. 

Control  tools.  SSPs  offer  varying  degrees  of  oversight  of 
managed  storage.  Insist  on  a  comprehensive  console  that  lets  you  set 
policies  and  review  storage  usage.  This  is  especially  important  when 
contracting  for  metered  storage. 

Reach.  Make  sure  the  SSP  will  support  your  field  offices,  whether 
they're  in  Detroit  orTokyo. 
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After  signing  on  with  the  SSR  Butler 
migrated  his  data  slowly,  starting  with  file 
and  print,  then  e-mail,  then  SQL  databases 
and  finally  Web  servers.  In  the  end,  he 
signed  a  contract  with  1PR  for  a  flat  rate 
over  three  years  to  support  an  estimated 
2.5TB  of  data.The  price  also  includes  com¬ 
pression  technology  that  helps  consolidate 
some  of  Hay’s  larger  files  before  archiving. 

“With  the  flat  rate,  I  don’t  have  to  do 
monthly  monitoring  or  metering,”  he  says. 

Another  plus,  Butler  says,  is  not  being 
locked  into  1PR.  “I  view  it  as  being  easily 
movable,”  he  says.“I  would  much  rather  try 
to  move  a  terabyte  of  information  elec¬ 
tronically  than  move  5,000  tapes.” 

Major  companies’  storage  services  are 
bolstering  the  SSP  marketplace.  Verizon 
launched  its  storage  services  in  late  2005, 
claiming  that  it  not  only  provides  secure 
managed  services  on  a  per-gigabyte  basis, 
but  also  guarantees  optimal  service  levels 
across  its  high-speed  backbone. 


Similarly  playing  on  its  strengths,  Sun 
unveiled  grid-based  utility  storage  services 
offering  remote  backup  and  restoration,  as 
well  as  a  remote  file  vaulting  service  cost¬ 
ing  $1  per  gigabyte,  per  month. 

For  years,  HP  has  offered  a  variety  of  stor¬ 
age  services  for  the  enterprise  and  the  mid¬ 
market.  Its  products  extend  from  providing 
on-site  management  for  a  customer’s 
equipment  to  offering  per-gigabyte  storage 
in  an  HP  data  center.  HP  says  because  it 
sells  storage  arrays  and  services,  it’s  an 
expert  in  managing  and  gaining  efficien¬ 
cies  for  customer-owned  storage. 

The  upshot  of  these  developments  is  that 
enterprises  are  in  the  driver’s  seat  when  it 
comes  to  finding  the  right  service,  perform¬ 
ance  and  price  to  fit  their  needs.  And  over¬ 
all,  today’s  SSPs  provide  much-needed 
peace  of  mind.“I  may  still  have  nightmares 
about  losing  dental  chairs,”  says  OMSAs 
Klein, “but  not  about  losing  my  data.” 

Cummings  is  a  freelance  writer  in  North 
Andover,  Mass.She  can  be  reached  at  jocum 
mings@comcast.  net. 
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APC  solutions  that  carry 
the  1 Blade-Heady "  Logo 
are  designed  to  handle  the 
demanding  network-critical 
physical  infrastructure 
requirements  of  high  density 
blade  server  applications. 


Chamber  Doors 

Access  to  hot  aisle, 
locks  for  security 


Now  you  can  quickly  deploy  a 
standard  or  high  density  site  of  any  size 
with  scalable,  top-tier  availability. 


Part 

Number 

Usable 

IT  Racks 

Maximum 
kW  per  Rack 

Price 
to  buy 

Price  to  lease 
(36  installments) 

ISXT120KHD1R 

1 

up  to  20kW 

$63,500* 

$1,999* 

ISXT130KHD1R 

1 

up  to  30kW 

$79,500* 

$2,499** 

ISXT130KHD2R 

2 

up  to  30kW 

$94,500* 

$2,999** 

ISXT150KHD2R 

2 

up  to  30kW 

$99,500* 

$3,099** 

ISXT140KHD3R 

3 

up  to  30kW 

$119,500* 

$3,799** 

ISXT180KHD3R 

3 

up  to  30kW 

$159,500* 

$4,999** 

ISXT150KHD4R 

4 

up  to  30kW 

$166,500* 

$5,199** 

All  multi-rack  configurations  feature: 

t/  N+  7  power  and  cooling 
%/  Secure,  self-contained  environment 
%/  Peak  capacity  of  20kW  per  rack 
%/  Enhanced  service  package 
%/  Integrated  management  software 
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All  solutions  are  scalable  up  to  hundreds  of  racks. 
On-site  power  generation  options  start  at  $29,999 
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Infrastructure 

DATA  CENTERS  ON  DEMAND 

Highly  available  and  manageable, 
quick-to-install,  scalable  architecture 
that  easily  supports  both  standard 
and  high  density  applications. 

-  Up  to  20kW  a  rack  for  any 
blade  server  application 

-  Unlimited  racks 

-  Ships  in  5  days *** 

-  Installs  in  1  day*** 

-  Optional  on-site  power 
generation 

-  Raised  floor  not  required 

-  Vendor  neutral  guaranteed 
compatibility 
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InfraStruXure’  can  be  purchased  as  a 
modular,  or  mobile  system 


InfraStruXure1  BuildOut  Tool 


Try  APC's  online  InfraStruXure  BuildOut  Tool  today  and  build  your  own  solution. 

Go  to  http://promo.apc.com  and  enter  key  code  k839x  Call  888-289-APCC  x3634 

*  Prices  do  not  include  IT  equipment  and  are  subject  to  change.  "  Indicative  rates  are  subject  to  market  conditions.  ***  Install  and  delivery  times  may  vary 
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Spotlight  on  storage 

a  business  continuity  servers  the 


New  boot-from-SAN  technologies  offer 
automated  server  provisioning  and 
other  advanced  management  goodies. 


The  time  is  finally  ri 
for  boot-from-SAN  I 
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KEN  WALTERS, 

Senior  director  of  enterprise  technology, 
Public  Broadcasting  Service 


BY  DENI  CONNOR 

In  response  to  IT  de¬ 
mands  for  increased 
efficiency  in  managing 
diskless  and  blade 
servers,  storage-area  network 
vendors  have  begun  crafting 
next-generation  tools  that  per¬ 
form  advanced  server  provi¬ 
sioning.  Tools  such  as  Bro¬ 
cade’s  Tapestry  Application 
Resource  Manager,  Microsoft’s 
Virtual  Hard  Disk  or  Emulex’s 
N-Port  ID  Virtualization  are 
proving  much  easier  to  use 
than  predecessors  such  as 
boot-from-SAN  and  logical- 
unit-number  cloning. 


While  long  enabling  SAN-based  provisioning  of 
servers  and  storage,  boot-from-SAN  (in  which  servers 
boot  from  volumes  on  the  SAN)  and  logical  unit  num¬ 
ber  (LUN)  cloning  (the  copying  of  data  from  one  vir¬ 
tual  disk  to  another)  have  been  difficult  to  implement. 
The  new  generation  of  tools,  which  offer  better  provi¬ 
sioning  capabilities  and  support  for  a  wider  range  of 
storage  options,  are  a  boon  for  IT  shops  focused  on 
building  New  Data  Center  infrastructures.  They  offer 
such  advantages  as  the  ability  to  consolidate  resources 
by  deploying  diskless  and  virtualized  servers  and  to 
centralize  management.  With  these  tools,  IT  can  store 
server  images  (including  applications,  operating  sys¬ 
tems,  settings  and  data)  on  the  SAN  and  administer 
and  parse  them  out  from  a  single  location. 

Recovering  servers  quickly  may  be  the  greatest 
advantage  of  boot-from-SAN  and  SAN-based  provision¬ 
ing.  If  a  server  fails,  IT  can  easily  deploy  a  new  one 
using  the  server  image  on  the  SAN.  That  process  takes 
less  time  than  configuring  a  new  server.  Likewise, 


dozens  of  Web  servers  can  be  created  with  a  single 
click  of  a  button  once  their  identity  —  the  image  — 
has  been  created.  Rather  than  reinstalling  the  operat¬ 
ing  system,  applications  and  configuration  settings  and 
a  copy  of  the  data  from  a  backup  tape,  IT  simply  drops 
the  new  server  into  the  network  and  configures  it  to 
use  the  boot  and  application  and  operating  system 
image  stored  on  the  SAN  (see  graphic,  page  68). 

Michael  Passe,  storage  architect  for  CareGroup 
Healthcare  System’s  Beth  Israel  Deaconess  Medical 
Center  in  Boston,  is  considering  boot-from-SAN  and 
server  and  storage  provisioning  for  those  reasons.  “We 
are  talking  about  boot-from-SAN  specifically  to  aid  in 
disaster  recovery,  since  we  could  clone  and  replicate 
the  system  volumes  for  many  systems,”  Passe  says. 

Of  boots  and  blades 

The  technology  behind  boot-from-SAN  is  nothing 
new.  In  the  late  1980s,  diskless  workstations  equipped 

See  SAN,  page  68 
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18i£  Builds  Scalable  Network 

to  Stay  Ahead  of  Online  Gaming  Explosion 


Widespread  broadband  adoption 
has  enabled  a  new  class  of  bandwidth¬ 
intensive  applications,  including 
online  multiplayer  gaming.  Leverag¬ 
ing  high  speed  Internet  connections 
and  cost-effective  computing  power, 
online  games  allow  users  to  interact 
with  other  users  around  the  world, 
create  characters  and  explore  elabo¬ 
rate  environments  -  all  through  home 
computers. 

Nowhere  is  this  trend  more 
pronounced  than  in  Japan  -  home 
to  video  game  pioneer  SEGA.  An 
amalgam  of  the  words  "service"  and 
"games,"  SEGA  revolutionized  the 
market  with  such  game  consoles  as 
SEGA  Genesis  and  SEGA  Dreamcast, 
and  most  recently  ventured  into  the 
online  gaming  world  with  the  intro¬ 
duction  of  the  first  online  role  playing 
game,  Phantasy  Star  Online. 

To  support  its  game  titles, 
including  RF  Online  and 
CHROMEHOUNDS,  and  ensure 
reliable  network  performance, 

SEGA  turned  to  ForcelO 
Networks.  With  leading  den¬ 
sity  and  robust  resiliency,  the 
ForcelO  TeraScale  E-Series 
family  of  switch/routers  pro¬ 
vides  SEGA  with  the  scalability 
it  needs  to  expand  as  its  game 
catalogue  grows. 

Building  a  Network  for 
Online  Gaming  with  Offline 
Reliability 

"Growing  broadband  adoption 
really  allowed  us  to  leave  the  offline 
game  consoles  and  move  to  interac¬ 
tive  games  where  people  around  the 
world  could  meet,"  said  Agata  Yoshimi 
of  the  Network  Operations  Team  at 
SEGA.  "The  move  to  online  games 
required  not  only  the  transition  of 
existing  games  to  online  environ¬ 
ments,  but  also  the  development  of 
new  games  and  a  network  over  which 
we  could  run  them." 

Initially,  SEGA  implemented  a  net¬ 
work  model  that  isolated  each  game 


title  within  a  distinct  cluster  of  servers. 
As  game  titles  grew  and  more  players 
sought  to  enter  existing  games,  this 
proved  to  be  an  unsustainable  model. 
In  its  pioneering  spirit,  SEGA  made 
a  strategic  decision  to  move  from 
distinct  networks  to  a  single  consoli¬ 
dated  network. 

To  anchor  this  network  and 
provide  all  the  benefits  of  a  stable, 
offline  game  with  all  the  interactive 
qualities  of  an  online  game,  SEGA 
turned  to  the  ForcelO  TeraScale  E300 
switch/router. 

"As  households  take  up  online 
gaming,  we  have  found  the  need  to 
alter  our  network  strategy  to  better 
provide  them  with  the  quality  gaming 
experience  they  expect,  and  we've 
determined  that  integrating  our 
gaming  networks  would  best  serve 


both  our  customers  and  our  growth 
plans,"  recognized  Mr.  Agata.  "At  the 
core  of  this  network,  we  needed  a 
reliable  and  scalable  platform  like 
the  ForcelO  E300." 

With  hundreds  of  thousands  of 
gamers  coming  and  going  into  various 
online  worlds,  scalability  is  essential. 
Supporting  48  Ten  Gigabit  and  288 
Gigabit  Ethernet  ports  per  system,  the 
ForcelO  TeraScale  E300  provides  the 
capacity  that  enables  SEGA  to  seam¬ 
lessly  expand  its  network  as  well  as 
simplify  the  architecture  by  reducing 
the  number  of  systems  required  to 
interconnect  SEGA's  servers. 

"In  a  network  such  as  ours,  sim¬ 


plicity  is  required  for  both  easy 
management  and  to  ensure  that  our 
customers  have  a  seamless,  online 
gaming  experience,"  emphasized  Mr. 
Takasaki,  network  engineer  in  the 
Network  Operations  Department  at 
SEGA.  "The  ForcelO  E300  exceeded 
these  conditions  and  gave  us  a  solid 
platform  for  building  out  our  consoli¬ 
dated  gaming  network." 

Increasing  Reliability  with 
Carrier-Class  Routing 

In  SEGA's  offline  games,  the  screen 
changes  in  1/60th  of  a  second.  Gam¬ 
ers  that  are  accustomed  to  the  rapid 
frame  changes  expect  the  same  qual¬ 
ity  in  these  online  worlds.  To  mimic 
the  reliability  of  an  offline  game, 
SEGA  determined  that  it  needed  an 
infrastructure  with  rapid  BGP  conver¬ 
gence  times. 

"Game  content  like  ours  requires 
stable  quality  for  communication 
between  the  server  and  the  end  user," 
said  Mr.  Agata.  "Therefore,  quick  BGP 
response  times  are  required  to  strate¬ 
gically  select  the  fastest,  most  reliable 
connection,  including  between  ISPs 
worldwide." 

The  unique  three  CPU  architecture 
of  the  ForcelO  TeraScale  E-Series, 
coupled  with  advanced  modular  soft¬ 
ware,  enables  the  TeraScale  E-Series 


to  provide  high  density,  line-rate  10 
Gigabit  Ethernet  switching  as  well  as 
the  rapid,  scalable  BGP  convergence 
times  that  SEGA  needs  to  guarantee 
a  reliable  gaming  experience  on  its 
network. 

"We  needed  the  ability  to  ensure 
high  quality  communication  between 
our  network  and  the  people  play¬ 
ing  our  games,"  Mr.  Agata  said.  "The 
ForcelO  E300  was  a  perfect  fit  for  our 
requirements." 

SEGA  Pioneering  the  Future 
of  Online  Gaming 

"As  a  part  of  our  growth  strategy, 
we  will  explore  all  the  possibilities 
that  online  gaming  offers,"  said  Mr. 
Agata.  "With  the  E-Series  switch/rout¬ 
ers  as  the  foundation  of  our  network, 
we  are  confident  we  have  the  high 
performance  infrastructure  we  need 
to  support  our  future  plans." 

To  learn  more  about  upgrading  your 
network  to  ForcelO  Networks  visit 

www.networkworld.com/sega 


©  2006  ForcelO  Networks,  Inc  All  rights  reserved. 


"As  households  take  up 
online  gaming,  we  have 
found  the  need  to  alter  our 
network  strategy  to  better 
provide  them  with  the 
quality  gaming  experience 
they  expect." 

-Agata  Yoshimi, 

Network  Operations  Team  at  SEGA 
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continued  from  page  66 

with  a  boot  ROM  picked  up  their  identities  from  the  file 
server.  Unix  workstations  have  booted  from  the  net¬ 
work  since  the  days  of  Digital  Equipment.  However, 
today’s  boot-from-SAN  technology  sup¬ 
ports  automated  provisioning  of  server 
resources,  which  eases  the  deployment 
of  diskless  servers  and  blades,  users 
say. 

“1  hope  to  get  to  boot-from-SAN  later 
this  summer  in  our  IBM  BladeCenter 
servers,”  says  Ken  Walters,  senior  direc¬ 
tor  of  enterprise  technology  for  the 
Public  Broadcasting  Service  in 
Alexandria,  Va.  Over  the  last  couple  of 
years,  the  company  has  been  using  the 
blade  servers  and  running  VMware’s 
ESX  Server  for  consolidation,  he  adds. 

ESX  Server  provides  boot-from-SAN 
because  servers  are  being  booted  off 
virtualized  SAN  disks,  Walters  says. 

What  he  really  needs,  he  says,  is  to  boot 
blades  off  iSCSI  SAN  disks.  While 
Adaptec  and  QLogic  make  specialized 
host  bus  adapters  (HBA)  that  let  users 
boot  their  blades  from  IBM  Blade- 
Center  computers,  these  hardware- 
based  iSCSI  HBAs  can  be  expensive, 
topping  out  at  about  $700  apiece. 

Instead,  Walters  hopes  to  use  Micro¬ 
soft’s  and  IBM’s  software-based  iSCSI 
boot,  expected  to  be  available  later 
this  summer. 

When  implemented  in  the  server 
Basic  Input/Output  System  (BIOS)  or  in  HBA  firmware, 
the  iSCSI  Software  Enabled  SAN  boot  lets  BladeCenters 
and  other  diskless  servers  connect  to  and  boot  from 
the  iSCSI  SAN.  Using  this  software,  Walters  will  boot  his 
blade  servers  from  StoneFly’s  iSCSI-based  Storage 
Concentrator,  which  attaches  to  inexpensive  advanced 
technology  attachment  or  Serial  Advanced  Technology 
Attachment  drives.  Among  the  partners  signed  on  to 
support  this  software-based  boot  are  Dell,  emBoot,  Intel 
and  QLogic,  as  well  as  iSCSI  vendors  Alacritech, 
EqualLogic,  FalconStor,  Intransa,  LeftHand  Networks, 
Nimbus  Data  Systems  and  SANRad. 

From  Walters’  point  of  view,  the  most  compelling  rea¬ 
son  for  booting  off  the  SAN  is  to  improve  storage  con¬ 
solidation. “I  added  up  all  the  direct-attached  storage  I 
had  and  discovered  that  I  had  almost  as  much  unused 
disk  space  in  all  these  disks  as  1  did  on  my  SAN.” 

Giving  it  a  remote  boot 

Boot-from-SAN  establishes  virtual  disks  on  the  SAN  and 
stores  the  server’s  boot  image,  operating  system,  system  set¬ 
tings  and  applications  there.The  server  boots  from  the  boot 
image  and  is  connected  to  the  operating  system-applica¬ 
tion-setting  image  in  another  virtual  disk. 

The  boot  process  involves  loading  the  operating  system 
code  from  the  SAN  when  the  server  is  turned  on. The  sys¬ 
tem  BIOS  is  loaded  first  from  a  boot  image;  it  initializes  the 


hardware  and  loads  the  operating  system,  checks  the  hard¬ 
ware  setup  and  creates  a  copy  of  the  operating  system  in 
server  memory. 

Boot  images  also  can  be  cloned  to  accommodate  the 
deployment  of  multiple  servers,  each  of  which  has  the 
same  identity  For  instance,  an  IT  shop  may  have  images  on 


its  SAN  for  Web  servers,  Microsoft  Exchange  or  SQL  servers 
waiting  in  queue  for  deployment.  In  this  way  customers 
could  create  physical  servers  or  servers  virtualized  with 
VMware  or  the  open  source  Xen  that  can  be  provisioned 
from  the  SAN  as  necessary 

The  problem  with  deploying  a  boot-from-SAN  and  LUN- 
cloning  strategy  for  server  provisioning  is  that  it  is  a  manu¬ 
al  process  that  is  often  complicated  to  set  up. 

“With  traditional  LUN  cloning,  the  user  is  required  to  use 
exactly  the  same  hardware  configuration  or  risk  driver  mis¬ 
matches,”  says  William  Hurley  senior  analyst  for  the  Data 
Mobility  Group. 

Walters  says  Red  Hat  warned  him  off  boot-from-SAN  tech¬ 
nology  because  of  all  the  troubles  that  could  ensue.  “It 
claimed  to  support  boot-from-SAN  in  no  wayand  told  us  all 
sorts  of  bad  things  would  happen  if  we  tried,”  he  says. 

Each  server  attaching  to  the  SAN  also  needs  its  own  boot 
image.  N-Bort  ID  Virtualization  from  Emulex  lets  several  vir¬ 
tual  servers  share  the  same  HBA  and  subsequently  the 
same  boot  image.  Microsoft  says  it  also  is  working  on  soft¬ 
ware  to  let  a  non-virtualized  blade  or  other  server  boot 
from  a  single  image  on  the  SAN. 

Software  and  hardware  from  Brocade  also  make  the 
process  of  creating  and  deploying  server  images  easier  and 
more  automatic.  Brocade’s  Tapestry  ARM,  a  technology  the 
company  acquired  last  year  when  it  bought  Therrion 
Software,  consists  of  hardware  —  the  Tapestry  ARM 


Appliance  —  and  software  —  the  Tapestry  ARM  Service 
Processor.  Tapestry  ARM  integrates  into  existing  Brocade 
Fibre  Channel  SAN  environments. 

“Tapestry  ARM  uses  boot-from-SAN  and  LUN-cioning 
technology  wrapped  up  in  a  server-based  software  pack¬ 
age  to  make  it  easier  to  provision  and  move  and  reassign 
server-to-storage  relationships,”  says  Brian 
Garrett,  an  analyst  with  the  Enterprise 
Strategy  Group.  “Storage  arrays  that  sup¬ 
port  boot-from-SAN  and  LUN  cloning  are 
missing  the  server-based  software,  that  is, 
the  boot  manager” 

ARM  provides  the  missing  automated 
boot-from-SAN  and  server-provisioning 
piece. “In  ARM,  more  than  one  host  com¬ 
puter  can  boot  from  the  image,”  Hurley 
says.  “Traditional  [preexecution]  boot  is 
normally  a  one-to-one  operation,”  he 
adds. 

With  ARM,  each  server  boots  to  the 
same  image,  and  the  Tapestry  ARM 
Service  Processor  software  picks  up  the 
individual  applications,  operating  sys¬ 
tems  and  configuration  settings  for  the 
server  from  images  stored  on  the  SAN. 
When  a  new  server  needs  to  be 
deployed,  Tapestry  ARM  communicates 
with  the  Fibre  Channel  HBA  in  the  server 
and  tells  it  where  to  find  its  operating  sys¬ 
tem  and  application  data  on  the  SAN.The 
ARM  software  automatically  accommo¬ 
dates  differences  in  server  hardware,  let¬ 
ting  a  server  with  a  different  hardware 
configuration  be  swapped  in  if  a  server 
fails. 

“If  a  server  fails,  [ARM]  can  direct 
another  server  to  the  first  server’s  LUNs,”  says  Randy 
Kerns,  an  independent  storage  analyst. 

The  ARM  system  keeps  a  repository  of  images  for  each 
type  of  server.  These  images  may  be  called  on  and  config¬ 
ured  from  the  Tapestry  ARM  management  interface. 
Tapestry  ARM  uses  Microsoft’s  VHD  technology  which  cap¬ 
tures  the  operating  system  and  applications  for  the  virtual 
machine  in  a  single  file.  Among  those  vendors  licensing 
VHD  are  BMC  Software,  Fujitsu-Siemens,  Network 
Appliance,  Softricity  Virtual  Iron,  XenSource  and  Brocade, 
which  includes  it  in  Tapestry  ARM. 

But  the  real  advantage  of  Tapestry  ARM  is  that  it  auto¬ 
mates  server  deployment  and  provisioning.  Whereas  boot- 
from-SAN  and  LUN  cloning  are  manual  processes, Tapestry 
ARM’s  management  interface  can  automatically  carve  out 
virtual  disks  and  assign  servers  to  LUNs. 

Matthew  Deveny,  architecture  manager  for  Sutter 
Health  in  Sacramento,  Calif.,  has  beta  tested  Brocade’s 
Tapestry  ARM.  “We  are  front-ending  an  application  out 
to  41,000  employees.  Deploying,  managing  and  provi¬ 
sioning  that  environment  can  be  extremely  compli¬ 
cated  for  those  machines. We  believe  it  can  save  us  a  lot 
in  overhead  in  provisioning  resources  and  ultimately 
allow  us  to  take  drives  out  of  our  blade  and  other 
servers,”  he  says. 

Walters  of  the  Public  Broadcasting  Service  agrees.He 
says, “The  time  is  finally  right  for  boot-from-SAN.”  ■ 


New-generation  boot-from-SAN  capabilities  make  server  provisioning  quick 
and  easy. 

Q|  To  add  a  diskless  server  to  the  storage-area 
network,  IT  must  provision  it  with  an  operating 
system,  applications  and  configuration  settings. 


Fibre  Channel  switch 
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Bln  a  boot-from-SAN  setup,  SAN  disks  are  divided 
into  virtual  disks  using  logical  unit  numbers  (LUN). 
Here,  LUNs  1  and  2  contain  boot  images,  while 
LUN  3  contains  a  Web  server  image  and  LUN  4 
an  image  for  Microsoft  Exchange  server. 

B  The  new  server  boots  from  LUN  1  and  receives 
its  identity  —  a  Web  server  -  from  LUN  3. 


LUN3 

Web  server 
image 


Exchange  server 
image 


A  Faster  Connection 


PMC-Sierra  &  Tachyon  Together  Deliver  the  Gold  Standard  for  Enterprise-Class  Storage  Systems.  With  the  addition 
of  the  Tachyon  Protocol  Controllers  to  our  industry-leading  Fibre  Channel  and  SAS/SATA  solutions,  PMC-Sierra  now  delivers  the 
most  complete  end-to-end  semiconductor  and  software  solutions  for  current  and  next  generation  Networked  and  Server 
Storage  systems.  Unrivaled  technology  expertise  including  system  level  interoperability,  protocol  agnostic  software  architecture, 
best  in  class  signal  integrity  and  fault  diagnostics  will  accelerate  time  to  market  of  reliable,  cost  effective  storage  equipment. 
Visit  www.pmc-sierra.com/storage  Enabling  connectivity.  Empowering  people. 
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My  staff  sleeps  at; 
night  because  we 
know  we  have  our 
information  backed 
up  all  the  time  j  j 

JON  HOLMES,  manager  of  technology, 

Vitale,  Caturano&Co. 


Continuous  data  protection  tools  have  become 
all  the  rage. They’re  popular  with  IT  executives 
developing  New  Data  Center  storage  plans, 
because  they  deliver  a  time-sensitive 
approach  to  backing  up  and  recovering  data.  But  CDP  vendors 
aren’t  resting  on  their  laurels. 
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The  latest  CDP  tools 
offer  advanced  recovery 
and  archiving,  and  more 
integration  choices. 


BY  BOBVIOLINO 


In  recent  months,  many  vendors  have  begun  offering  enhanced  products  that 
deliver  event-driven  backup  and  archiving.  These  let  users  recover  data  with  a 
greater  level  of  detail.  Also  in  the  works  are  CDP  tools  that  support  a  wider  vari¬ 
ety  of  servers  and  databases. 

Late  last  year,  for  example,  Mendocino  Software  rolled  out  RecoveryOne,  which 
annotates  the  CDP  timeline  with  information  about  events  to  make  the  selection 
of  an  optimal  recovery  point  easier.  Other  next-generation  features  include  built- 
in  interfaces  to  storage  products  for  archiving,  simultaneous  support  for  multiple 
heterogeneous  servers,  the  ability  to  present  multiple  historical  views  and 
improved  scalability  and  performance,  according  to  the  company. 

In  March  Mendocino  teamed  with  Sybase  to  integrate  RecoveryOne  with  the 
Sybase  Adaptive  Server  Enterprise  and  Sybase  IQ  databases.  The  goal  is  to 
create  a  comprehensive  set  of  database  management  tools  that  cover  sin¬ 
gle-  and  multisite  environments.  Benefits  will  include  better  database  pro¬ 
tection  and  recovery  with  less  impact  on  production  and  more-flexible 
off-host  processing;  easier  heterogeneous  data  migration  for  database 
server  and  storage  upgrades  and  consolidation;  and  streamlined  data 
retention  efforts,  the  companies  say. 

The  CDP  portfolio  of  Revivio,  a  2005  start-up  to  watch  (www.nw 
docfinder.com/3137),  has  been  evolving  for  several  years.  In  April, 
for  example,  it  unveiled  the  Continuous  Protection  System  (CPS) 
1000,  its  first  product  with  embedded  disks.  The  CPS  1000  joins 
the  Revivio  TimeFrame  Data  Protection  System,  which  the  com¬ 
pany  says  brought  time-addressable  storage  to  the  market,  and 
the  second-generation  CPS  1200  appliance,  Revivio's  flagship 
product,  which  replicates  disks  or  groups  of  disks  with  data  from 
any  point  in  time  and  provides  restored  volumes  that  offer  instant 
read/write  access. 

Since  its  introduction  almost  three  years  ago,  the  CPS  1200  has 

See  CDP,  page  72 


www.  net  work  world .  com/supp/2006/ndc/ 


May  22,  2006 


Continuous  data 


INNOVATIONS  IN 


Access  your  future  today  at 
citrix.com. 


©2006  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix*  is  a  trademark  of  Citrix  Systems,  Inc. 
and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  United  States  Patent  and 
Trademark  Office  and  in  other  countries.  All  other  trademarks  and  registered  trademarks  are 
the  property  of  their  respective  owners. 


Florida  Guardian  ad  Litem  Saw  the  Future  of  Child  Advocacy. 

Citrix  Provided  Access. 


“Custody  rulings.  Foster  care.  Adoptions.  Our  founding  vision  was  to  give  every  abused 
and  neglected  child  in  Florida  a  strong  advocate  in  court.  Two  years  later,  we’re  well  on 
our  way.  Today,  program  staff,  attorneys  and  over  5,000  volunteers  represent  more 
than  27,000  children.  Instead  of  information  in  file  drawers  scattered  all  over  the  state, 
Citrix  software  gives  advocates  secure  access  to  our  case  management  system  from 
anywhere.  Resources  are  precious,  so  we  must  apply  them  wisely,  not  waste  time 
chasing  data.  These  kids  depend  on  us.  That’s  why  we’re  depending  on  Citrix  to  take 
us  the  rest  of  the  way  to  advocate  for  every  Florida  child  in  need.  ” 

JOHNNY  C.  WHITE 

CIO 

Florida  Guardian  ad  Litem  Program 


CITRIX 


vs 


The  New  Data  Center 


www.networkworld.com/supp/SOQ6/ndc/ 


May  SS,  S006 


COP 

continued  from  page  70 

supported  instant  recovery  of  individual  objects  such  as 
files  and  e-mail, and  has  offered  instant  access  to  recovery 
points  based  on  operational,  environmental  and  applica¬ 
tion-specific  events. 

Prairie  Packaging,  manufacturer  of  foam  and  plastic  dis¬ 
posable  products,  began  using  Revivio’s  CPS  1200  in  De¬ 
cember  to  continuously  back  up  two  servers  running 
Windows  Server  2000  and  an  Oracle  back-end  database.The 
company  plans  to  expand  the  deployment  to  include  its 
Oracle  ERP  system,  which  runs  on  Sun  880  servers,  says 
Manny  Singh,  director  of  IT. 

With  the  appliance,  the  Bedford  Park,  Ill.,  company  can 
bring  up  a  backup  system  in  less  than  five  minutes, he  says. 
Among  its  biggest  benefits  is  the  reduction  of  downtime.  It 
costs  the  company  thousands  of  dollars  in  lost  labor  and 
productivity  for  a  server  to  be  down  for  one  hour,  he  says. 

Another  start-up,  Mimosa  Systems,  focuses  on  providing 
CDP  for  Exchange  servers.  Its  NearPoint  tool  captures 
e-mail  throughout  its  life  cycle,  creation  through  destruc¬ 
tion,  in  every  mailbox  including  senders’ and  recipients’. 
It  can  track  an  e-mail’s  complete  access  and  activity  his¬ 
tory,  including  all  opens,  edits,  deletions  and  forwards, 
without  affecting  server  performance. 

Mimosa  pitches  this  as  a  major  improvement  over  other  e- 
mail  data  collection  approaches,  including  SMTRthe  Micro¬ 
soft  Messaging  API  and  journaling.  These  can  affect  per¬ 


formance  and  consume  large  amounts  of  storage  and  lack 
rich  information  indexing  capabilities,  the  company  says. 

NearPoint,  which  is  Mimosa’s  first  CDP  product,  offers 
email  archiving,  recovery  and  user  self-service  access  to  all 
historical  email.  It  uses  commodity  storage  such  as  Serial 
Advanced  Technology  Attachment  RAID  and  network- 
attached  storage  (NAS)  appliances  to  provide  CDP  and 
access  to  archived  data  from  multiple  Exchange  servers. 
Administrators  can  perform  immediate  restorations  and 
configure  policies  using  the  standard  Microsoft  Manage 
ment  Console.  Support  is  expected  to  be  forthcoming  for 
additional  applications, such  as  inData’s  eDiscovery  file  sys¬ 
tems  and  Microsoft  SharePoint,the  company  says. 

Old  faces,  new  lines 

Start-ups  such  as  Mendocino,  which  in  2002  began  offer¬ 
ing  its  first-generation  CDP  software  —  RealTime,  for  IBM 
AIX  platforms  —  aren’ t  alone  in  this  market  any  longer. 

In  October  2005,  for  example,  storage-industry  leader 
EMC  unveiled  its  first  CDP  offering,  RecoverPoint.  The 
software  is  part  of  EMC’s  larger  Recovery  Management 
Strategy  for  combining  analytics  and  reporting,  backup, 
CDP  management  services  and  replication  in  an  inte¬ 
grated  solution. 

RecoverPoint  provides  immediate  data  recovery  to  any 
previous  point  in  time,  capturing  all  changes  as  they 
occur  and  writing  them  in  parallel  to  an  allocated  recov¬ 
ery  storage  space.  The  software  offers  application-aware 
data  protection  to  key  business  applications  on  a  variety 


of  operating  systems,  and  coordinated  recovery  of  groups 
of  related  applications,  enabling  organizations  to  restart 
applications  from  the  same  point  in  time.  RecoverPoint 
supports  heterogeneous  storage  arrays,  applications  and 
operating  systems. 

Application  availability  software  vendor  XOsoft  entered 
the  CDP  market  with  Data  Rewinder,  which  it  updated  a 
year  ago  and  renamed  Enterprise  Rewinder.  The  tool  pro¬ 
vides  instantaneous  recovery  of  corrupted  Exchange,  SQL 
and  Oracle  databases.  It  continuously  captures  and  jour¬ 
nals  all  input  and  output  operations  that  result  in  a  change 
to  the  data.  From  a  centralized  GUI,  IT  administrators  can 
recall  significant  application-specific  events  such  as  input 
and  output  patterns,  checkpoints  and  log  file  rotations. 

IBM  also  plays  in  the  CDP  market.  Its  Tivoli  Continuous 
Data  Protection  for  Files  provides  real-time  data  protection 
for  file  servers  and  PCs.  Users  can  specify  as  many  as  three 
target  backup  and  replication  areas  for  high-priority  files:  a 
local  disk,  a  file  server  or  NAS  appliance,  and  a  Tivoli 
Storage  Manager  server.  Files’  changes  are  captured  when 
they  occur  to  help  protect  against  corruption,  file  loss,  sys¬ 
tem  loss  or  accidental  deletion.  The  product  provides  off¬ 
site  copies  of  backup  data  for  vaulting,  auditable  disaster 
recovery  and  tape  and  media  management. 

And  in  March,  data  management  vendor  Atempo  entered 
the  CDP  market  through  the  acquisition  of  Storactive.  It 
offers  two  CDP  tools,  LiveServ  and  LiveBackup. 

With  LiveServ,  Microsoft  Exchange  administrators  recover 
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The  latest  crop  of  continuous  data  protection  tools  offer  sophisticated  capabilities  such  as  self-serve  file  recovery  and  more  detailed  recovery  points. 
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Highlight 
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Atempo  (formerly 
Storactive) 

LiveBackup 

www.nwdocfinder.com/3524 

Provides  self-serve  file  recovery  for  users. 

$25  to  $75  per  seat, 
depending  on  volume 

EMC 

RecoverPoint 

www.nwdocfinder.com/3525 

Offers  application-aware  data  protection  to 
key  business  applications  on  a  variety  of 
operating  systems. 

Starts  at  $75,000 

IBM 

Tivoli  Continuous  Data  Protection  for  Files 
www.nwdocfinder.com/3526 

Lets  users  specify  as  many  as  three  target  back¬ 
up  and  replication  areas  for  high- 
priority  files,  including  a  local  disk,  a  file  server 
or  network-attached  storage  appliance,  and  a 
Tivoli  Storage  Manager  server. 

$35  per  laptop  or 
desktop;  $995  per 
server  processor 

Mendocino 

Software 

RecoveryOne 

www.nwdocfinder.com/3527 

Annotates  the  CDP  timeline  with  information 
about  events  to  make  optimal  recovery-point 
selection  easier. 

$50,000 

Mimosa  Systems 

NearPoint 

www.nwdocfinder.com/3528 

Offers  archival  recovery  and  user  self-service 
access  to  all  historical  e-mail. 

Starts  at  $10,000 

Bevivio 

CPS  1200 

www.nwdocfinder.com/3529 

Instantly  lets  users  restore  data  exactly  as  it 
existed  at  any  point  or  event  in  time,  for  appli¬ 
cations  such  as  ERP,  databases  and  e-mail. 

Starts  at  $50,000 

XOsoft 

Enterprise  Rewinder 
www.nwdocfinder.com/3530 

Continuously  captures  input  and  output  oper¬ 
ations  that  result  in  a  change  to  the  data,  and 
journals  them  for  data-recovery  purposes. 

$25,000 
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HP  ProLiant  BL35p  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Dual-Core  AMD  Opteron™  200  Series  processors 

•  High  density:  Up  to  96  servers  per  rack 

•  Rexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager™:  Web-based  networked 
management  through  a  single  console 

•  Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 


Chaos,  now  under 
your  control. 


•  Integrated  Cisco  or  Nortel  switch  options 

Save  up  to  $450  on  select  AMD  based  Blade  Servers.’ 


HP  BladeSystem  servers  offer  tools  to  help  you  keep  pace  with  fluctuating  demands. 

The  HP  ProLiant  BL35p  Blade  Server  is  designed  to  relieve  some  of  the  stress.  Its 


HP  StorageWorks  MSA1500cs 


with  StorageWorks  Essentials  Management  Software 

•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

•  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 

•  Ability  to  mix  SCSI  and  Serial  ATA  enclosures  for 
greater  flexibility 

•  2GB/1GB  Fibre  connections  to  host 

Get  2TB  of  storage  free  ($2,008.80  value)2 


AMD  Opteron™  processors  offer  dual-processor  power  with  breakthrough  efficiency. 
With  management  features  like  the  Rapid  Deployment  Pack  that  lets  you  deploy 
and  redeploy  blades  without  missing  a  beat,  and  a  single-view,  graphical  user 
interface  that  streamlines  monitoring  and  configuration,  HP  BladeSystem  servers  work 
with  you  so  you  don't  have  to  work  so  hard.  And,  bundled  with  the  StorageWorks 
MSA1500cs,  you  can  reduce  the  cost  and  complexity  of  deploying  a  storage  area 
network,  giving  you  a  better  return  on  investment. 

Save  up  to  $450  on  select  AMD  based  Blade  Servers.1 
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Call  1-888-223-5441 
Click  Hp.com/go/bladesmag49 
Visit  your  local  reseller 
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messages,  mailboxes  or  databases 
from  any  previous  point  in  time. 
The  latest  release  of  LiveServ  in¬ 
cludes  an  e-mail  search  tool  that 
lets  administrators  easily  retrieve 


older  Exchange  data  from  Live 
Serv  archives.  As  LiveServ  evolves, 
its  role  is  moving  beyond  simple 
backup  and  recovery  to  long-term 
data  retention  and  archiving, 
Atempo  says.  A  new  version  will 
be  available  later  this  year. 

Atempo’ s  other  CDP  tool,  Live 


Backup,  protects  Windows  desk¬ 
tops  and  laptops  without  disrupt¬ 
ing  work  and  interfering  with  pro¬ 
ductivity.  As  LiveBackup  has 
evolved,  its  backup  operations 
have  become  increasingly  trans¬ 
parent  to  users,  the  company  says. 
The  LiveBackup  user  experience 


now  compares  to  those  with  mod¬ 
ern  anti-virus  applications:  Users 
are  aware  of  LiveBackup  only  dur¬ 
ing  recovery  operations. 

The  latest  LiveBackup  features 
and  capabilities  include  real-time 
data  protection  that  monitors  files 
for  changes  and  backs  up  data  as 


it  is  saved;  automatic  backup  of 
e-mail  in-boxes;  and  self-serve  file 
recovery,  which  lets  users  recover 
their  own  files. 

Mike  Karp,  senior  analyst  at 
Enterprise  Management  Asso¬ 
ciates,  says  he  considers  self-serve 
file  recovery  one  of  the  most  valu¬ 
able  features  of  the  newer  CDP 
tools.  “If  CDP  can  effect  recovery 
without  getting  the  help  desk  in¬ 
volved,  then  the  whole  IT  process 
gains  efficiency  says  Karp,  who 
also  writes  Network  World’s  “Stor¬ 
age  in  the  Enterprise”  newsletter 
(www.nwdocfinder.com/1 0 1 9) . 

CDP  in  action 

At  Vitale,  Caturano  &  Co.,  a 
Boston  accounting  and  business 
advisory  firm,  LiveBackup  helps 
protect  data  stored  on  the  firm’ s 
traveling  users’  laptops,  says  Jon 
Holmes,  manager  of  technology. 

The  software  backs  up  data 
every  time  a  user  makes  a  change, 
ensuring  that  virtually  no  data  is 
lost,  he  says.  Transparently  to  the 
user,  LiveBackup  caches  file 
changes  locally  then  performs  a 
remote  backup  once  the  user  con¬ 
nects  to  the  network. 

Vitale,  Caturano  put  the  software 
to  the  test  in  November  2005, 
when  a  security  patch  distributed 
through  an  automated  patch- 
management  system  inadvert¬ 
ently  deleted  all  the  shortcuts 
users  had  programmed.  Within 
two  hours,  IT  had  restored  all  the 
shortcuts  using  LiveBackup. 

Although  the  users  could  have 
relied  on  LiveBackup’ s  self-serve 
recovery  feature  to  get  their  short¬ 
cuts  back,  IT  opted  to  undertake 
the  recovery  task  for  them, Holmes 
says.  The  recovery  “required  some 
specific  folders  that  are  part  of  the 
operating  system  and  can  be 
tough  to  find,”  he  explains. 

Without  the  CDP  tool,  the  recov¬ 
ery  could  have  taken  two  or  three 
weeks  of  work,  Holmes  says.“With 
a  staff  of  five  people,  we  can’t  lose 
a  person  for  two  weeks.” 

The  CDP  tool  also  offers  peace 
of  mind,  he  says:“My  staff  sleeps  at 
night  because  we  know  we  have 
our  information  backed  up  all  the 
time.” 

Violino  is  a  freelance  technol¬ 
ogy  writer.  He  can  be  reached  at 
bviolino@optonline.  net. 


Maybe  Trouble  Will  Just  Pass  You  By. 

(then  again...) 

Trouble  may  already  be  lurking  within  your  mission-critical  facility's  electrical  and  mechanical  infra¬ 
structure.  And  wishing,  waiting,  hoping  and  holding  your  breath  won't  make  the  problem  go  away... 
but  we  will.  Since  1 983,  Lee  Technologies’  high-availability  products  and  services  have  made  us  the 
industry’s  most  respected  provider  of  mission-critical  infrastructure  solutions. 

Lee  Technologies  helps  ensure  maximum  uptime  as  well  as  compliance  with  regulatory  mandates 
such  as  Sarbanes-Oxley  and  HIPAA.  From  products  such  as  Uninterruptible  Power  Supplies  (UPS) 
to  design,  integration,  maintenance  and  monitoring,  we  equip  your  data  center  with  the  strength  and 
resiliency  to  keep  your  facility  up  and  running,  safe  and  sound. 

How  vulnerable  is  your  facility?  For  less  than  the  cost  of  a  minute  of  downtime,  Lee 
will  assess  your  site  and  identify  the  areas  that  put  you  the  most  at  risk  of  downtime.  For 
more  information,  to  schedule  a  Mission-Critical  Infrastructure  Assessment  (MCI  A),  or  to 
receive  your  FREE  Guide,  Tiered  Maintenance  Standards  for  Mission- 
Critical  Infrastructure,  call  877-654-9662  or  visit  www.leemaximumuptime.com. 
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With  shrinking  backup,  recovery  and  archive  windows,  most  IT  Professionals  protect  their  data  after  normal 
business  hours  and  on  weekends  -  the  times  when  you  would  rather  not  sit  around  watching  a  tape  library. 
Our  PX500  Series  redefines  value  in  rackmount  tape  automation  with  enterprise-class  features,  high  density 
and  market-leading  investment  protection.  And  our  superior  performance,  reliability  and  support  allow  you 
to  have  a  normal  life  -  with  vacations.  To  find  out  how  Quantum's  got  you  covered  with  our  new  PX500  Series, 
call  866-827-1500  or  visit  us  at  www.quantum.com.  UltW»M 
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MB  Financial  Bank  gains  business 
flexibility  with  a  capacity-on-demand  SAN 


BY  BETH  SCHULTZ 


B  Financial  Bank,  one  of  the  largest  independent  banks  in  the 
Chicago  area,  proclaims  it  makes  banking  “betsimpsier”:  better, 
simpler,  easier.  Among  the  reasons  the  bank  can  make  such  a 
claim  is  its  use  of  utility  storage,  a  New  Data  Center  technology. 


MB  Financial  Bank  sprang  into  being  in  2001  when  two 
of  Chicago’s  oldest  community  banks  —  Manufacturers 
Bank  and  MidCity  Financial  —  merged.  With  this  grand- 
daddy  of  mergers  came  a  financial  institution  double 
the  size  of  the  old.  Problem  was,  each  of  the  35  then- 
operating  branches  housed  its  own  customer  data: 
That  made  running  a  cohesive  business  a  challenge. 

Karen  Perlman,  MB  Financial’s  director  of  marketing, 
recounts  the  difficulties  of  gathering  customer  data  at 
that  time.  “We  had  to  have  programs  that  pulled  data 
from  35  different  locations.  The  data  was  hard  to  get  at, 
and  we  couldn’t  get  it  with  any  frequency,"  she  says. 

More  importantly,  the  bank  was  concerned  that  hav¬ 
ing  data  stored  throughout  the  branches  might  hinder 
growth,  Perlman  says. 

To  fix  business  issues  such  as  these,  the  IT  group  con¬ 
solidated  and  centralized  its  storage  operations  in  a 
new  data  center  in  the  Chicago  area.  The  company  did¬ 
n’t  want  to  build  any  old  storage-area  network  (SAN). 
Instead,  with  the  goal  of  maximizing  flexibility  and  seal- 
ability,  it  turned  to  SAN  technology  to  let  applications 
grab  storage  capacity  as  they  needed  it  from  a  com¬ 
mon  pool  within  an  array,  utility-style. 

After  evaluating  technology  from  EMC,  Hitachi  Data 
Systems,  Xiotech  and  start-up  3Par,  MB  Financial  Bank 
settled  on  SPar's  InServ  Storage  Server.  This  tiered- 
storage  array,  topped  with  specialized  provisioning 
software,  gives  the  bank  the  f lexibility  and  scalability  it 
wants,  plus  makes  storage  management  and  backup 
easy,  says  Andy  Kukuk,  SAN  engineer  for  the  bank. 

In  2004  the  bank  had  one  InServ  Storage  Server 
operating  at  the  new  data  center  and  had  moved  a 
small  portion  of  business  data  to  it.  Kukuk’s  job  was 
to  move  the  rest  of  the  legacy  data  onto  the  SAN  and 

See  MB  Financial,  page  78 
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Analysis  and  Monitoring  Solution 

Enables  Effective  and  Efficient  Centralized  Operations 


You  can  increase  visibility  and  control  of  distributed  networks 
while  reducing  management  costs. 


As  enterprise  networks  become  more  distributed  to  accommodate  remote  offices  and 
virtual  workforces,  there  is  also  a  trend  to  centralize  IT  operations  to  contain  costs 
and  improve  efficiencies.  With  the  shift  to  more  distributed  networks,  users  in  both 
headquarters  and  remote  offices  expect  nearly  seamless  operations  with  always-on 
services  across  the  entire  enterprise.  With  more  IT  resources  concentrated  in  the 
network  operations  center  (NOC),  remote  network  outages  and  slowdowns  can  be 
more  difficult  to  solve  due  to  the  challenges  of  distance  and  the  need  for  trouble¬ 
shooting  at  remote  locations.  The  solution  to  these  seemingly  conflicting  challenges 
is  an  integrated  strategy  that  spans  managing  remote  networks  and  centralized 
network  operations.  To  support  this  strategy  requires  a  solution  that  analyzes  and 
monitors  remote  locations  to  give  you  the  necessary  visibility  and  the  tools  required 
to  detect  and  resolve  issues  quickly. 
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Distributed  Network  Analysis  and 
Monitoring  Solution 

To  achieve  the  visibility  needed  to  manage  remote 
networks  from  the  NOC,  the  Fluke  Networks  Distributed 
Network  Analysis  and  Monitoring  Solution  deploys  remote 
analyzers  to  key  points  throughout  the  network  and  uses 
a  centralized  server  and  applications  to  collect  and  ana¬ 
lyze  network  and  application  performance.  The  remote 
analyzers  are  the  familiar  OptiView™  Workgroup  Analyzer 
that  is  deployed  alongside  remote  networking  hardware 
to  analyze  and  monitor  LAN  traffic  and  the  OptiView™ 
WAN  Analyzer  that  analyzes  and  monitors  WAN  access 
points.  The  centrally  located  server  is  the  OptiView™ 
Server  that  seamlessly  integrates  with  the  remote 
analyzers  to  collect  information  and  give  visibility  to 
network  performance  and  to  give  you  a  comprehensive 
tool  set  to  find  and  fix  problems.  The  solution  gives  you 
unprecedented  views  of  remote  network  activity. 

In-depth  troubleshooting 

A  cornerstone  of  the  solution  is  its  remote  trouble¬ 
shooting.  The  OptiView  Workgroup  Analyzer  and  OptiView 
WAN  Analyzers  are  well  known  for  their  automatic 
network  discovery  and  intelligent  network  diagnosis. 

Their  information-rich  Network  Front  Page  gives  you 
instant  vision  into  what  is  happening  at  the  remote 
locations  in  an  easy-to-understand  format  that  allows 
you  to  easily  drill  down  into  any  area  by  clicking  the 
target  of  interest.  The  OptiView  Workgroup  Analyzer 
automatically  performs  cable  tests,  identifies  any 


problems,  and  provides  you  with  detailed  information, 
such  as  the  remote  location's  use  of  bandwidth,  protocol 
statistics  and  devices  and  sub-networks  discovered.  You 
can  easily  verify  that  remote  operations  are  running  as 
expected  or  identify  quickly  where  they  are  not. 

Scaling  the  solution  to  your  network 

Whether  you  have  one  remote  office  or  many  remote 
locations,  the  distributed  solution  can  scale  to  provide 
the  required  visibility  and  analysis.  By  placing  remote 
analyzers  in  several  locations,  you  can  monitor  traffic 
between  specific  points  on  the  network.  This  allows  you 
to  pinpoint  exactly  where  a  problem  is  occurring  between 
two  different  devices  in  your  distributed  network. 

Implementing  proactive  management 

Proactively  managing  your  network  is  fundamental  to 
heading  off  problems  and  improving  availability.  The 
solution's  integral  OptiView  Console  generates  maps  and 
reports  of  your  remote  sites  to  assess  changes  in  your 
remote  network  operations.  Through  the  console,  you 
can  see  a  granular  analysis  of  the  traffic,  with  trends, 
bandwidth  utilization,  and  even  the  switch  ports  in  use 
and  what  is  connected  to  them.  This  makes  diagnosis 
of  remote  network  problems  much  easier  and  helps  you 
make  improvements  on  an  ongoing  basis.  By  highlight¬ 
ing  changes,  the  solution  enables  you  to  detect  changes 
in  performance  before  they  become  serious  problems. 
When  the  solution  does  detect  a  problem,  it  can 
immediately  alert  you. 


Increasing  efficiency  of  operations  staff 

According  to  industry  research,  remote  trouble¬ 
shooting,  the  ability  to  view  a  problem  from  the  NOC  and 
drill  down  to  find  the  root  cause,  is  approximately  10 
times  more  efficient  than  traveling  to  a  remote  location. 
When  performance  does  degrade  or  an  outage  occurs, 
remote  troubleshooting  allows  you  to  quickly  pinpoint 
the  cause  of  the  problem  as  if  you  were  onsite  at  the 
remote  office.  With  this  visibility  from  the  NOC,  you  can 
reduce  the  time  to  resolve  remote  problems  from  days 
to  just  hours  in  many  cases.  This  can  mean  a  reduction 
in  MTTR  by  as  much  as  90%.  With  the  Fluke  Networks 
Distributed  Network  Analysis  and  Monitoring  Solution, 
you  avoid  expensive  dispatches  of  operations  staff  to 
remote  locations.  This  also  frees  up  staff  to  work  on 
higher  value  projects  and  programs. 

For  more  information 

To  learn  more  about  the  Fluke  Networks  Distributed 
Analysis  and  Monitoring  Solution,  visit: 

www.flukenetworks.com/distributedanalysis 

or  call  1-800-283-5853  to  arrange  for  a 
demonstration. 
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use  the  3Par  technology  to  its  fullest,  he  says. 

Over  six  months,  Kukuk  migrated  the  remaining  appli¬ 
cation  data  from  the  bank  branches  to  the  central  storage 
network.  Today  the  InServ  array  supports  about  20 
Microsoft  database,  messaging,  file/print,  system  manage¬ 
ment  and  clustering  servers,  which  now  support  40 
branches.  On  the  SAN, storage  capacity  has  reached  20TB, 
he  says.  Data  resides  in  one  of  two  tiers.  Frequently 
accessed  business  data  resides  on  147GB  drives  in  the 
InServ  array  while  less  frequently  accessed  data  is  stored 
on  less  expensive  300GB  drives,  he  explains.Those  drives, 
he  adds,  are  mainly  for  file  server  data. 

3Pars  Thin  Provisioning  software  lets  MB  Financial  Bank 
provide  storage  in  utility  fashion.  Using  Thin  Provisioning, 
which  works  with  3Par's  dedicate-on-write  capabilities, 
Kukuk  allocates  logical  capacity  to  applications  based  on 
perceived  need.  If  an  application  ultimately  requires  more 
capacity  for  its  written  data,  it  draws  resources  as  needed 
from  a  common  pool. 

MB  Financial  Bank  began  using  Thin  Provisioning  in  early 
2005,  primarily  for  its  smaller  storage  volumes,  Kukuk  says. 
For  example,  he  uses  the  provisioning  software  for  database 
volumes  and  database  log  files. 


Before  the  company  used  Thin  Provisioning,  data  filled 
45%  to  50%  of  allotted  space  on  the  SAN,  Kukuk  says. With 
Thin  Provisioning  providing  flexibility  in  allocating  space, 
the  bank  now  uses  about  75%  of  its  SAN  capacity:  “Thin 
Provisioning  definitely  saves  us  space  and  gives  us  better 
utilization  of  the  storage  we  have  allocated,”  Kukuk  says. 

Besides  using  the  provisioning  add-on, MB  Financial  takes 
advantage  of  3Par’s  Remote  Copy  facility  for  backup  pur¬ 
poses.  Since  August,  the  bank  has  replicated  SAN  data  to  a 
second  InServ  array  located  at  its  newly  opened,  remotely 
located  disaster  recovery  facility“We  replicate  all  volumes 
on  the  production  3Par  system  to  the  disaster-recovery  site 
multiple  times  throughout  the  da}/  Kukuk  says. 

For  replication,  MB  Financial  Bank  uses  what  3Par  calls 
Asynchronous  Periodic  Mode,  in  which  Remote  Copy  cre¬ 
ates  a  snapshot  of  the  SAN  data  and  replicates  this  source 
volume  to  the  remote  site.  At  set  times  daily  Remote  Copy 
takes  an  additional  snapshot  of  the  stored  data,  compares 
it  with  the  source  volume  and  sends  only  the  changed 
data  to  the  remote  InServ  array 

In  considering  3Par's  Remote  Copy  option,  Kukuk  says  a 
big  plus  was  its  ability  to  send  the  replicated  data  over  MB 
Financial  Bank’s  IP  network  via  an  Ethernet  adapter  in  the 
array  The  alternative,  remote  backup,  would  have  meant 
buying  a  Fibre  Channel  extender  or  protocol  converter 
and  a  dedicated  connection  to  the  disaster  recovery 


application.  “But  this  rides  on  our  existing  network  and 
didn’t  cost  us  anything  extra,”  he  adds. 

Now,  Kukuk  says,  the  storage  network  is  ready  for  any 
business  change  —  even  another  major  acquisition. 

The  business  operates  far  more  smoothly,  Perlman  adds. 
With  the  revamped  infrastructure,  for  example,  marketing 
pulls  and  analyzes  customer  data  daily“Now  I  can  get  time¬ 
ly  information  on  how  customers  were  referred  to  the 
bank’s  services,”  Perlman  says.“I  can  track,  from  a  marketing 
standpoint,  whether  they  come  because  of  something  they 
saw  in  their  statement,  on  a  billboard  or  in  the  newspaper, 
or  heard  on  the  radio.  I  can  see  what’s  working  or  not,  and 
that’s  been  very  beneficial.” 

Perhaps  she  might  say,  business  operations  at  MB 
Financial  Bank  have  gotten  betsimpsier.  ■ 
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Lee  Tech  Staffing  Helps  You  Unleash 
The  Power  of  Your  Mission-Critical  Facility 


Your  data  center's  physical  infrastructure 
is  only  as  good  as  the  people  that  make  sure 
it's  always  available.  And  finding  qualified 
facility  technicians  is  more  challenging  than 
ever  That's  why  Fortune  500  companies 
concerned  with  business  continuity  count 
on  Lee  Tech  On-site  Staffing  solutions. 

Lee  Technologies’  Staffing  solutions  place 
higniy-trained  Facility  Resource  Technicians 
at  your  site.  We  supervise  and  perform 
maintenance  tasks,  conduct  daily  walk-thraughs 
and  develop  operational  procedures  for  the 
nation's  most  advanced  data  centers.  Now 
we  re  ready  to  assist  you. 

From  UPSs  to  PDUs,  HVAC  to  generators, 
mission-critical  facility  support  is  precisely 
what  we  do. 


All  from  a  company  with  more  than 
20  years’  experience  in  mission-critical 
infrastructure  solutions.  With  Lee,  you  always 
have  a  qualified  workforce  with  the  expertise 
and  tools  needed  to  do  the  job. 

For  your  FREE  Whitepaper,  The 
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www.leetechstaffing.com 
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You  need  more  storage.  You  don't  need  more  fees  or  systems  to 
manage.  The  Pillar  Axiom™  storage  system  lets  you  add  performance 
and  capacity  over  300  TB  per  system,  without  multiple  software 
license  fees.  It  empowers  you  to  manage  data  on  multiple  tiers, 
whether  in  SAN,  NAS  or  both,  through  one  simple  user  interface. 
Because  Pillar  delivers  top-tier  performance  and  capacity,  often  for 
less  than  what  many  companies  pay  just  to  maintain  and  operate 
their  storage  systems,  it  can  really  improve  your  bottom  line. 

To  hear  about  our  new  approach  to  managing  data  storage,  you 
owe  it  to  yourself  to  schedule  a  half-hour  briefing. 

Call  1-877-252-3706  orvisitwww.pillardata.com/smaller 

Learn  the  truth  about  networked  storage. 
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r  about;  the  same 
cost  we’re  getting 
10  times  the  per¬ 
formance  plus  the 
added  benefits  of 
software  functionality 
down  the  road. 

JEFF  MACHOLS,  systems  integration  manager  at 
CitiStreet,  speaking  about  the  differences  between 
traditional  tape  and  virtual  tape  library  technology 


Virtual  tape 


on 


Benefits  giant  CitiStreet  ditches  traditional 
tape  and  brings  disaster  recovery  in-house 
with  New  Data  Center-style  systems. 

BY  JULIE  BORT 

When  virtual  tape  arrived  on  the  scene  a  few  years  ago,  many 

storage  managers  dismissed  it  as  a  niche  product  not  stur¬ 
dy  enough  for  enterprise-class  backups.  Now  this  New  Data 
Center  technology,  which  mimics  a  tape  backup  library  but 
uses  disks  as  the  medium,  is  proving  itself  in  ever-larger  organizations. 

Consider  CitiStreet. The  joint  venture  between  financial  giants  Citigroup  and  State 
Street  is  one  of  the  nation’s  largest  insurance  benefits  delivery  providers  and  retire¬ 
ment-plan  record  keepers;  the  company  reports  servicing  more  than  9  million  plan 
participants.  CitiStreet,  based  in  Quincy,  Mass.,  has  used  a  35TB  Sepaton  S2100-ES2 
virtual  tape  library  in  its  Jacksonville,  Fla.,  data  center  for  more  than  a  year,  and  is 
installing  a  40TB  unit  in  its  Quincy  data  center.  By  July,  that  VTL  will  be  operational 
and  the  company  will  retire  its  two  aging  Quantum  ATL  tape  library  units,  which 
contain  four  DLT  7000  tape  drives  each,  says  Jeff  Machols,  systems  integration  man¬ 
ager  for  CitiStreet.  At  that  time,  the  VTL  will  let  the  two  data  centers  provide  speedy 
disaster  recovery  for  each  other.  Machols  recently  discussed  CitiStreet’s  storage 
plans  with  Network  World  Executive  Editor  Julie  Bort. 


What  was  the  impetus  for  moving  to  a  virtual 
tape  library? 

The  [Quantum]  equipment  was  starting  to  age,  and 
as  compliance  moved  to  the  forefront,  compliance- 
audited  security  started  to  become  a  major  concern. 
Plus,  we  had  more  batch  processing  going  on  at  night. 
We  needed  to  shrink  our  backup  window  because  our 
backups  were  a  big  [part]  of  our  batch  processes. 
Each  [backup  batch]  stream  could  take  anywhere 
from  one  to  three  hours  —  and  each  client  had  its  own 
batch  cycle. 

The  Quantum  ATLs  we  were  using  were  5  to  7  years 
old.  More  importantly,  the  media  was  aging.  We  knew 
we  had  to  make  a  big  purchase  of  hundreds  of  tapes;  it 
made  sense  to  start  looking  at  other  solutions. 


Did  you  know  you  wanted  virtual  tape? 

Initially,  we  were  going  to  just  refresh  our  [tape 
library]  hardware.  About  three  years  ago,  we  first  saw 
[ VTLs]  . . .  but  they  weren’t  mainstream  yet  and  the  ones 
that  were  out  there  were  relatively  small  and  not  really 
scalable. They  weren’t  sophisticated  in  terms  of  the  soft¬ 
ware,  and  the  road  map  they  were  on.  But  when  we 
started  to  look  seriously  [to  replace  the  Quantum 
library],  more  enterprise-class  systems  were  available. 

We  looked  at  traditional  tape  backup  and  also  things 
like  network-attached  storage  and  virtual  tape. 
Network-attached  storage  would  have  changed  all  our 
backup  procedures,  software,  scripts  —  everything, 
because  it’s  a  whole  different  storage. Virtual  tape  emu- 

See  CitiStreet  page  82 
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9:42  am  Singapore  branches  go  offline,  trouble  ticket  created 
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lates  the  tape  library.  So  we  didn’t  have  to  change  any 
software  or  update  any  of  our  backup  or  restore 
processes  —  our  Veritas  backups,  and  backup  and 
restore  scripts. 

Did  you  get  a  faster  backup  with  the  VTL? 

Much  faster.  We  went  from  averaging  2M  to  3M 
bytes/sec  to  well  over  30M  bytes/sec. 

Virtual  tape  is  billed  as  being  a  low-cost 
backup  method.  Was  that  the  case  for  you? 

When  you  look  at  having  to  buy  the  actual  library  the 
drives  and  the  tape  media,  the  cost  per  megabyte  for 
virtual  tape  is  about  the  same.  For  about  the  same  cost 
we’re  getting  10  times  the  performance  plus  the  added 
benefits  of  software  functionality  down  the  road. 

When  will  the  second  system  be  live? 

By  the  end  of  Q2. 

What  functions  can  you  do  with  your  virtual 
tape  library  that  you  couldn’t  do  with  physi¬ 
cal  tape? 

The  biggest  is  appliance-level  replication.  The 
Sepaton  has  the  ability  to  talk  to  another  Sepaton  and 
clone  the  data  [it  stores  on  the  entire  appliance], That 
gives  us  a  secure  way  to  transmit  all  our  data  over  the 
wire,  encrypted  on  our  dedicated  circuit,  and  that’s 
how  we  do  our  disaster  recovery.  That’s  a  much  more 
effective  way  than  using  a  third-party  tape  storage  ven¬ 
dor  that’s  going  to  bring  our  media  on-  and  off-site.  On 
top  of  that,  there  is  other  content-aware  functionality 
that  reduces  the  physical  footprint  we  require.  Sepaton 
uses  certain  types  of  compression  and  incrementals  — 
it  realizes  that  this  data  is  the  same  as  yesterday’s  data, 
backs  up  only  the  new  data  and  reduces  the  capacity 
that  we  need,  which  reduces  the  cost. 

How  does  it  help  you  enforce  your  policies 
for  compliance  and  auditing? 

In  terms  of  compliance,  it  helps  us  because  the  more 
we  can  contain  our  own  data  in-house,  the  better  off  we 
are.  Reducing  reliance  on  third-party  vendors  is  a  good 
thing,  especially  when  a  lot  of  these  high-profile  data 
loss  cases  have  come  from  tapes  being  lost  during 
shipping.  As  well  as  giving  us  added  security,  it  is  much 
faster.  If  you  reduce  the  amount  of  time  it  takes  to  get  a 
copy  from  off-site,  that  provides  us  with  even  faster 
recovery  times. 

Once  you  decided  you  wanted  virtual  tape, 
how  did  you  determine  system  requirements? 

We  got  into  the  guts  of  this.  When  you  look  at  all  the 
different  products,  in  reality  it’s  all  just  [Serial  Ad¬ 
vanced  Technology  Attachment] -attached  drives  — 
and  how  many  Serial  ATA  drive  vendors  are  out  there 
—  three  or  four?  So,  in  the  guts  they  are  all  a  lot  the 
same.To  me  a  2%  to  5%  difference  in  I/O  per  second  of 
access  time  wasn’t  critical.  What  1  liked  about  Sepaton 
is  that  it  was  much  further  down  the  road  than  anybody 
else  in  terms  of  things  like  replication,  content-aware 


backups  to  reduce  capacity,  that  sort  of  thing. 

Sepaton  was  relatively  new,  so  there  was  a  little  bit  of 
risk  going  with  the  company,  as  there  is  anytime  you  go 
with  new  vendor,  and  you  get  away  from  a  standard  like 
Quantum.  At  the  same  time,  when  you  are  talking  about 
a  whole  new  technology,  a  [young  vendor]  is  attractive 
because  it  is  looking  at  a  new  paradigm  of  backup  and 
recovery.  Quantum  was  still  focused  on  traditional  tape 
libraries.  Sepaton  is  looking  at  centralized,  second-tier 
storage  management. You’re  not  going  to  put  your  pro¬ 
duction  Oracle  database  on  Sepaton  and  run  it  real¬ 
time.  My  advice  is  to  look  at  the  direction  of  the  com¬ 
pany.  If  VTL  is  an  afterthought  —  a  secondary  product 
—  and  you  are  going  with  VTL  as  your  core  technology 
for  backup,  you  may  want  to  look  at  someone  else. 
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CitiStreet’s 
renewed  backup 
and  recovery 

•Two  data  centers  house  about  100TB  of 
stored  data. 

•  One  Sepaton  35TB  S2100-ES2  virtual 
tape  library  (VTL)  runs  in  a  HP-UX 
environment  at  one  data  center. 

Installation  took  place  more  than  a  year 
ago. 

•  A  second  40TB  Sepaton  VTL  is  being 
deployed  now  in  the  second  data  center. 

•The  ES2  backs  up  about  700GB  of  data 
in  roughly  four  hours.  Before  virtual 
tape,  that  same  backup  took  24  to  30 
hours. 

•When  the  second  unit  is  deployed, 
CitiStreet  will  move  its  disaster- 
recovery  efforts  in-house,  saving  money 
and  speeding  its  ability  to  recover. 


What  else  are  you  doing  to  help  with 
compliance? 

We  categorize  data  into  two  main  areas:  backup  and 
archiving.  [The  VTL]  is  what  I  classify  as  backup.  It  is 
data  for  the  business,  data  we  need  to  store  if  a  data¬ 
base  gets  corrupted  or  if  the  file  system  gets  removed. 
Archiving  is  long-term  and  geared  for  compliance.  For 
this  set  of  users,  by  law,  we  have  to  keep  e-mail  for  seven 
years.  This  type  of  information,  because  of  [Health 
Insurance  Portability  and  Accountability  Act]  regula¬ 
tions,  we  need  to  keep  for  a  number  of  years.  With  the 
archiving  we’re  looking  at  two  solutions,  one  for  e-mail 
and  one  for  all  other  files.  We  use  Network  Appliance 
for  e-mail  archiving.  We  have  set  the  policies  that 
[incoming  e-mail]  for  these  users  or  this  group  of  peo¬ 
ple  automatically  goes  to  a  [write  once,  read  many 
times  (WORM)  drive]  on  NetApp.  We’re  compliant  by 
using  this  as  our  back  end  for  archiving. 


So  are  you  doing  information  life-cycle  man¬ 
agement  with  your  data  overall? 

We’ve  looked  at  it  and  at  some  of  the  different  products. 
We  have  two  main  disk  subsystems  in  our  environment  — 
HP  StorageWorks  XP  Disk  Arrays  and  HP  StorageWorks 
Enterprise  Virtual  Array  (EVA).  When  you  look  at  the  cost  of 
implementing  ILM  and  coming  up  with  a  policy  that  says, 
“OK,  after  two  months,  I’m  going  to  move  Word  documents 
from  this  storage  to  this  storage,”  to  me  that  isn’t  worthwhile, 
because  buying  EVA-level  storage,  when  you  look  at  cost 
per  megabyte,  is  not  significantly  different  from  buying 
some  Serial  ATA  array  If  you  are  talking  about  a  petabyte  of 
information,  then  it’s  going  to  be  cheaper.  But  throughout 
the  100  terabytes,  by  the  time  I  bought  the  software  or  the 
ILM  layer,  implement  the  policies,  came  up  the  manage¬ 
ment  of  it  and  do  the  conversion,  it’s  more  cost- 
effective  to  me  to  have  one  tier  of  storage. 

Beyond  e-mail,  for  which  you  have  separate 
systems,  how  do  you  deal  with  the  unstruc¬ 
tured  stuff,  the  data  not  in  databases? 

We  categorize  this  into  two  main  areas:  things  that  are 
business-critical  and  things  that  fall  under  compliance. 
Usually  those  are  the  same  things,  in  that  anything  that  falls 
into  compliance  is  business-critical  —  though  we  may 
have  business-critical  data  that  is  not  under  compliance, 
like  application  design,  diagrams,  source  code,  that  sort  of 
thing.  We  have  a  file-level  archiving  solution.  We  have  a 
generic  policy  that  we  keep  relatively  conservative  using 
Enterprise  Vault  by  Veritas.  So  we  might  have  a  policy  that 
says,  after  three  months,  send  it  to  the  optical  platters  or  a 
NetApp  WORM  appliance,  and  it’s  there  and  then  it’s 
archived.  That  helps  keep  our  storage  more  manageable 
and  our  backups  more  manageable,  instead  of  some  com¬ 
plicated  ILM  system.  We  can  set  up  the  policies  based  on 
the  areas  of  the  storage.  Client-sensitive  data  goes  here  and 
it  can’t  go  anywhere  else,  so  it’s  pretty  easy  for  us  to  main¬ 
tain.  We  [watch]  access  time.  If  you  have  a  spreadsheet 
viewed  every  day  we  don’t  want  to  put  that  to  optical  and 
have  to  worry  about  it  getting  stuck  in  a  case  vault. 

After  you  get  your  disaster  recovery  moved 
in-house,  what's  next  for  your  storage 
systems? 

Once  that’s  in  place,  the  next  thing  is  more  frequent  back¬ 
ups  —  continuous  backups  or  checkpoints  every  hour,  tak¬ 
ing  us  to  that  next  level.  Then  we  can  provide  a  better 
response  time.  In  our  case,  for  disaster  recovery,  the  [best  in 
our  industry]  is  24  hours,  and  the  [industry  average]  is  48 
hours.  How  can  we  use  this  as  a  competitive  advantage? 
What  if  we  could  get  our  recovery  down  to  an  hour?  We 
can  go  to  our  business  side  and  say:  Here’s  a  new  selling 
point.  We’re  going  to  guarantee  a  [recovery]  in,  say,  two 
hours. We  want  to  be  ahead  of  the  curve.  ■ 
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Breaking  storage  news 

For  the  latest  news,  product  reviews,  opinions  and  blogs,  head  online 
to  the  Network  Storage  Research  Center.  Check  it  out  at: 

www.nwdocfinder.com/3541. 


For  20  years,  companies  around  the  globe  have  trusted  Raritan  for  secure  out-of-band  access  and 
control  products.  Now  we're  broadening  our  portfolio  to  include  a  range  of  service  management 
solutions.  They  are  the  only  solutions  that  combine  the  power  of  systems,  network  and  proactive 
security  management  with  secure,  remote  access. 


www.KVMplusMore.com 


If  you  manage  anywhere  from  10  to  2,500  desktops,  Raritan's  new  CommandCenter®  NOC  will  help  you 
to  increase  uptime,  spend  less  time  fighting  fires  and  focus  on  activities 

that  add  value  to  your  company's  bottom  line  —  part  of  the  future  of  IT  •* 

infrastructure  management.  Learn  more  at  www.KVMplusMore.com.  iSjwI  |\|Q|  | 

We  make  IT  simple.™ 


©  2006  Raritan.  Inc.  Raritan  and  CommandCenter  are  registered  trademarks  of  Raritan,  Inc. 
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New  Data  Center  security  tactics  can  help 
you  build  a  fortress  around  your  database. 


BY  BETH  SCHULTZ 

How  many  identities  will 
be  stolen  or  corporate 
assets  commandeered 
before  you  build  as 

strong  a  fortress  around  your  database  as 
you  do  around  the  perimeter?  Millions? 
Dare  I  say,  billions? 

Consider  these  statistics  from  the  Privacy  Rights  Clearing¬ 
house,  a  nonprofit  consumer  advocacy  group  in  San  Diego. 

Between  Feb.  15,  2005,  and  May  7, 
2006,  recorded  data  breaches  across 
the  country  compromised  the  per¬ 
sonal  information  of  more  than 
55  million  individuals.  That’s  a  whole 
lot  of  Social  Security  credit  card,  bank¬ 
ing  and  driver’s  license  information 
floating  around  unprotected. 

University  databases,  full  of  student 
information,  are  favorite  hacker  tar¬ 
gets.  Boston  College,  Carnegie  Mellon, 
Duke,  Georgetown,  Northwestern,  Pur¬ 
due, Tufts,  USC  —  these  are  only  a  few 
of  the  universities  that  have  fessed  up  to  being  hacker  vic¬ 
tims.  But  such  corporate  icons  as  CitiFinancial,  Ford  Motor 
and  Time  Warner  have  reported  data  losses,  too  —  from 
hackings,  insider  theft,  and  lost  or  stolen  laptops  and  tapes. 
(For  the  Clearinghouse’s  comprehensive  listing  of  reported 
incidents,  check  out  www.nwdocfinder.com/3521.) 

At  this  point, you  shouldn’t  need  another  data  theft  head¬ 
line  to  get  you  moving.  Any  decent  New  Data  Center  archi¬ 
tectural  plan  should  include  a  way  to  button  down  your 
enterprise  databases. 

Don’t  rely  exclusively  on  the  security  and  management 
features  native  to  your  big  IBM  DB2,  Microsoft  SQL 
Server  or  Oracle  lOg  databases.  They’re  gaining  in 
sophistication  and  functionality,  but  still  they  meet  only 
basic  security  requirements. 

So  if  you  haven’t  already,  the  time  has  come  to  bring  in 
the  big  guns.  All  enterprises  should  implement  database 
vulnerability  assessment,  data-at-rest  encryption,  intrusion 
detection  and  in-depth  auditing,  recommends  Forrester 
Research  in  a  November  2005  trend  report. 

The  tools,  available  largely  from  start-ups,  are  plentiful 
enough,  and  many  have  already  been  deployed  at  hun- 
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dreds  of  enterprises.  For  example,  take  Application  Secur¬ 
ity’s  AppDetective  vulnerability  assessment  scanner,  one 
of  the  earliest  database  protection  tools.  Application 
Security  counts  500  customers  for  AppDetective,  which 
discovers  database  applications  within  the  infrastructure 
and  assesses  how  secure  they  are,  says  Ted  Julian,  vice 
president  of  marketing  at  the  company  AppDetective 
scouts  out  a  slew  of  enterprise  databases  —  IBM  DB2, 
Lotus  Notes/Domino,  Microsoft  SQL  Server,  MySQL,  Oracle 
and  Sybase. 

Longtime  user  Mark  Maher,  a  security  administrator  at 
Ochsner  Health  System  in  New  Orleans,  credits  App¬ 
Detective  with  keeping  the  company’s  database  environ¬ 
ment  locked  down.“Our  Oracle  databases  obviously  con¬ 
tain  important  information  of  a  private  nature.  ...  We 
needed  a  tool  to  actively  assess  our  Oracle  environment 
and  secure  it  where  necessary?’  he  says. 

Because  AppDetective  kicks  in  immediately  on  receiv¬ 
ing  an  Oracle  security  alert,  Ochsner  Health  is  able  to 
determine  its  vulnerability  status  faster  than  if  it  had  to 
wait  for  an  Oracle  database  administrator  to  research  the 
advisory,  Maher  says.  To  prevent  internal  theft,  the  tool 
runs  access  scans  and  compares  them  with  termination 
reports.  It  quickly  deletes  former  employees  from  the 
database  access  roster,  too. 

Ochsner  Health  also  uses  AppDetective  to  search  out 
passwords  that  are  weak  and  noncompliant, according  to 
internal  Health  Insurance  Portability  and  Accountability 
Act  standards. 

Of  course,  AppDetective  isn’t  the  only  worthy  specialty 
database  security  product  on  the  market.  You  can  get 
good  database-protection  tools  from  Guardium,  IPLocks, 
Vormetric  and  others. 

The  point  is  not  what  vendor  or  product  you  choose 
but  that  you  take  action  —  now.  Network  executives  who 
seek  out  (and  address)  their  security  vulnerabilities  are 
smarter  than  the  ones  that  think  they  know  it  all.  ■ 
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New  Data  Center  resources 

For  more  on  security  technologies  to  use  as  part  of  your  New  Data 
Center  architecture,  check  out  our  special  NDC  research  center.  Go 

to:  www.nwdocfinder.com/2225 


How  Do  You  Distribute 
Power  in  Your  Data 
Center  Cabinet? 


With  Sentry! 

CDU  Product  Family:  Metered,  Smart  &  Switched 
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Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 

The  Sentry  CDU  distributes  power  for  Blade 
servers  or  up  to  42  dual-power  1U  servers 
in  one  enclosure.  Single  or  3-phase  input 
with  110VAC,  208VAC  or  mixed  110/208VAC 
single-phase  outlet  receptacles. 

Metered  CDU 

>  Local  input  Current  Monitoring 
Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 

Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures 
and  Humidity 

>  Remote  Power  Control  of  Each  Outlet 
— -  On  /  Off  /  Reboot 


Server  Technology,  Inc. 
1040  Sandhill  Drive 
Reno,  NV  89521 
USA 


©Server  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc. 


toll  free +1.800.835.1515 
tel  +1.775.284.2000 
fax  +1.775.284.2065 

www.servertech.com 

sales@servertech.com 


“Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a  single 
index  and  returns  results  in  less  than  a  second”  —  InfoWorld 
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Instantly  Search 

Terabytes  ofjext 


vith  Spider  ($199> 
with  Spider  (,rom 
Spider  (from  $999) 
r  CD/DVDS  (from  $2,500) 
x  Win  &  NET 
,r  Linux 


For  hundreds  more  reviews  and  developer 
case  studies,  see  www.dtsearch.com 

Contact  dtSearch  for  fully-functional 
evaluations 


♦  over  two  dozen  indexed,  unindexed,  fielded  data 
and  full-text  search  options 

♦  highlights  hits  in  HTML,  XML  and  PDF,  while 
displaying  links,  formatting  and  IIi'iMi'LEI  . 

♦  converts  other  file  types  (word  processor,  database, 
spreadsheet,  email  &  attachments,  ZIP,  Unicode, 
etc.)  to  HTML  for  display  with  highlighted  hits 

♦  Spider  supports  static  and  dynamic  Web  content, 
with  WYSWYG  hit-highlighting 


♦  optional  API  for  C++,  .NET,  Java,  SQL,  etc. 
Ask  about  new  .NET  Spider  API 
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dtSearch  vs.  the 
competition: 
“dtSearch  easily 
overpowered  the 
document  indexing 
and  searching 
abilities  of  other 
solutions, 
especially  against 
large  volumes  of 
documents” 

Reliability: 
“dtSearch  got  the 
highest  marks 
from  our  systems 
engineering  folks 
that  I've  ever 
heard  of” 

Results:  “customer 
response  has  been 
phenomenal” 


“The  most  powerful 
document  search  tool  on 
the  market” 

—  Wired  Magazine 

“dtSearch ...  leads  the 
market” 

—  Network  Computing 

“Blindingly  fast” 

—  Computer  Forensics: 
Incident  Response  Essentials 

“A  powerful  arsenal  of 
search  tools” 

—  The  New  York  Times 

“Super  fast,  super¬ 
reliable” 

—  The  Wall  Street  Journal 

“Covers  all  data  sources 
...  powerful  Web-based 
engines”  —  eWEEK 

“Searches  at  blazing 
speeds” 

—  Computer  Reseller  News 


The  Smart  Choice  for  Text  Retrieval*  since  1991 


Test  Center 


1-800-IT-FINDS*51  www.dtsearch.com 
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Eliminat 
PCs  with  ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  £  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and  + 

display  sizes  available 
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Betting  on  software-as-a-service 

Staffing  firm  Vedior  handed  over  core  systems  to  a  hosted  software  provider. 


BY  ANN  BEDNARZ 

edior  North  America  isn’t  just 
dabbling  with  software  deliv¬ 
ered  as  a  service.  It’s  betting  the 
farm  on  the  model.  The  $1  billion 
Wakefield,  Mass.,  company  is  in  the 
process  of  implementing  Bullhorn’s 
hosted  staffing  and  recruiting  soft¬ 
ware  across  its  myriad  business  units. 

Staffing  and  recruiting  are  not  ancillary  activities  for  Vedior 
they  are  the  company’s  business: Vedior  provides  temporary 
and  permanent  placement  services  across  a  broad  range  of 
sectors.  Anyone,  from  a  traveling  doctor  or  security  guard  to 
a  mushroom  picker  or  forklift  operator,  might  find  a  job 
through  one  of  Vedior’s  280  offices. 

Entrusting  such  a  mission-critical  system  to  an  outside 
vendor  wasn’t  an  easy  decision  for  CIO  Peter  Ross  —  nor 
was  it  one  without  risk.  “We  need  a  very  good  sales  and 
recruiting  organization.  That  activity  is  critical,”  Ross  says. 
“We  mess  up  the  candidates,  or  we  mess  up  the  clients  — 
we’re  dead.” 

One  reason  Vedior  chose  a  hosted  solution  is  the  consis¬ 
tency  it  provides.  As  employees  sign  contracts,  screen  can¬ 
didates  and  fill  job  orders,  having  a  single  staffing  and 
recruiting  platform  gives  the  company  centralized  access 
to  performance  metrics  in  near  real  time.This  information 
would  have  been  filtered  to  management  eventually,  but 
now  divisional  and  branch  managers  can  see  instantly 
what's  going  on  in  their  businesses,  Ross  says. 

In  addition,  individual  operating  units  don’t  have  to  dedi¬ 
cate  IT  resources  to  upgrade  applications  each  time  a  new 
feature  is  required.  Bullhorn’s  hosted  software  combines  e- 
mail,  calendaring,  applicant  tracking,  CRM  and  job  man¬ 
agement  features,  and  provides  Vedior  recruiters  a  front- 
end  interface  to  communicate  in  real  time  with  clients,  job 
candidates  and  colleagues. 

“A  lot  of  this  activity  really  doesn’t  generate  any  revenue 
unless  [it]  lands  in  a  deal,”  Ross  says.  So  the  more  the  soft¬ 
ware  can  compress  the  time  it  takes  for  candidates  to  apply 
clients  to  place  job  orders,  and  recruiters  to  match  up  can¬ 
didates  and  clients,  the  better. 

Picking  Bullhorn 

With  so  many  divisions  to  satisfy, choosing  software  came 
down  to  finding  a  vendor  that  understood  the  staffing 
world. 


A  key  part  of  completing  the  deal  was  crafting  a  service- 
level  agreement  (SLA).  More  significant  than  ironing  out 
precise  metrics,  however,  was  the  opportunity  the  process 
gave  Vedior  to  confirm  that  Bullhorn  understood  what 
Vedior  needed  —  for  example, guaranteed  uptime,  not  only 
during  traditional  business  hours  but  also  after  hours, when 
recruiters  have  the  best  chance  of  catching  up  with  candi¬ 
dates. 

That  business  insight  is  critical.  Unless  it’s  certain  a  service 
provider  understands  a  company’s  expectations,  don’t  do  a 
deal,  Ross  recommends.“If  you  have  any  hesitation  that  they 
don’t  get  what  you  do,  then  don’t  do  it.You’ll  get  stuck.” 

Not  about  the  money 

While  some  might  consider  it  too  big  a  risk  to  depend  on 
a  third  party  to  secure  and  maintain  a  mission-critical  sys¬ 
tem,  Ross  feels  confident  in  his  decision.“I  actually  believe 
I’ve  reduced  my  exposure  by  using  software-as-a-service,” 
he  says.“But  1  did  put  a  lot  of  eggs  in  one  basket.” 

Vedior  considered  keeping  its  staffing  and  recruiting  sys¬ 
tems  in-house,  but  too  many  IT  staff  in  its  different  divisions 
were  duplicating  each  other’s  development  efforts.  Now 
internal  IT  staff  focus  on  revenue-generating  activities  and 
let  the  service  provider  focus  on  hardware,  performance 
and  network  connectivity  Ross  says. 

Surprisingly  absent  from  Ross’  reasons  for  choosing 
Bullhorn  is  cost.  Software-as-a-service  is  usually  priced  per 
user,  and  there’s  a  perception  its  cost  of  entry  is  low  and 
requires  minimal  capital  investment.  However,  the  software 
isn’t  cheap,  particularly  for  Vedior  business  units  that  already 
have  in-house  applications  for  staffing  and  recruiting. 

“It’s  costing  me  more  than  what  I  spent  before,”  he  says.“But 
because  I’m  handing  off  those  things  that  are  less  profit¬ 
enhancing  and  don’t  make  us  more  valuable  to  our  cus¬ 
tomers,  we  can  spend  more  time  on  smarter  things.” 

The  benefits  of  the  Bullhorn  system  are  just  starting  to 
become  apparent  among  the  divisions  to  adopt  Bullhorn 
early  These  include  ATS  Reliance,  Clinical  One,  Global 
Managed  Services,  Placement  Pros  and  Sapphire  Tech¬ 
nologies.  So  far,  nearly  500  users  in  seven  divisions  use  the 
Bullhorn  software,  and  Ross  plans  to  add  as  many  as  300 
more  users  as  rollouts  continue.  “1  knew  it  would  invent 
time  for  us.  1  knew  it  was  going  to  compress  the  work  cycle 
down  massively  which  it  has,”  Ross  says. 

One  way  Bullhorn  has  made  staff  more  efficient  is  by  pro¬ 
viding  in  one  place  data  that  wasn’t  previously  available.  In 
the  past,  only  a  recruiter  knew  the  life  cycle  of  a  particular 
job  candidate,  for  example.“With  a  product  like  Bullhorn,  I 
can  find  out  what’s  happened  from  when  we  first  made 
contact  with  a  candidate,”  Ross  says.  Bullhorn  stores  all  the 
data  —  such  as  e-mail  correspondence,  resume  submittals, 
interview  schedules  and,  eventually,  telephone  logs. 

The  system  has  helped  Vedior  win  deals,  too.  If  a  large 
deal  comes  in,  Bullhorn  automatically  distributes  job 
orders  to  recruiters  across  the  country.  Location  informa- 


Peter  Ross  of  Vedior  implemented  a  hosted  application  that 
boosts  the  staffing  company's  efficiency. 

tion,  required  qualifications  and  contract  requirements  are 
dispersed  automatically  to  all  the  parties.“All  the  recruiters 
have  to  do  is  start  pumping  people  against  it,”  Ross  says. 

That  efficiency  lets  divisions  bid  on  low-margin  deals  they 
might  have  avoided  in  the  past.“Without  the  right  technol¬ 
ogy,  you  can’t  even  think  about  entertaining  those  job 
orders,”  Ross  says. 

Ross  also  appreciates  that  Bullhorn  stays  on  top  of  issues, 
such  as  regulatory  and  legislative  initiatives,  that  affect  the 
staffing  world.’The  fact  there  is  a  group  of  people  who  have 
been  chartered  to  eat,  sleep  and  drink  a  task  is  very  valu¬ 
able,”  he  says.  ■ 


Online  exclusive:  Find  out  what  measures  Vedior  took  to  ensure  uptime 
of  its  hosted  application. 

www.nwdocfmder.com/3536 
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Cl  Travel  Manages  VoIP  Traffic  With  Observer 


High  phone  bills  were  eating  up 
Cl  Travel's  profits.  Because  reducing 
call  volume  really  wasn't  an  option, 
Cl  Travel’s  IT  Director,  Paul  Ingram, 
decided  to  take  advantage  of  Voice 
over  Internet  Protocol  (VoIP)  technology 
to  reduce  per-call  expenses.  The  new 
VoIP  phones,  while  dramatically 
reducing  per-call  costs,  came  with  a 
new  set  of  problems.  To  make  the 
investment  in  VoIP  technology  really 
pay  off,  Ingram  chose  Network 
Instruments'®  Observer®  to  successfully 
troubleshoot  the  VoIP  exchange. 

Currently,  there  are  175  VoIP 
phones  deployed  at  Cl  Travel's  49 
offices  around  the  world.  Next  year, 
he  expects  there  to  be  about  300  VoIP 
phones  deployed-one  VoIP  phone 
per  employee.  Because  much  of  the 
company's  business  is  conducted 
over  phone  lines,  Ingram  has  to  be 
certain  that  VoIP  users  are  getting  the 
best  quality  of  service  attainable. 

"Bad  voice  quality  makes  people 
turn  to  the  standard  phone  system, 


which  could  quickly  eliminate  any 
savings  we  were  intending  to  realize 
with  VoIP,"  Ingram  said.  "The 
company  depends  heavily  on  phone 


Sniffer  when  it  comes  to  VoIP,  but  I 
am  not  comfortable  using  a  product 
without  any  guarantee  of  technical  or 
service  support.  Observer,  on  the 


“So  far,  Observer’s  VoIP  capabilities 
has  helped  cut  Cl  Travel's  phone  bill 
by  about  25  to  30  percent.” 


communication  to  service  customers; 
calls  are  going  to  be  made  with 
the  most  reliable  phone,  no  matter 
the  cost." 

After  Ingram  purchased  VoIP  phones 
the  users  started  experiencing  VoIP 
issues.  He  researched  three  products: 
Sniffer®,  Ethereal,  and  Observer  Suite. 

"Sniffer  is  really  behind  on  VoIP 
features,"  he  said."  It  can't  even  record 
voice  packets  for  audio  playback. 
Ethereal  (an  open-source  "free"  product) 
is  actually  more  advanced  than 


Paul  Ingram,  Cl  Travel 

other  hand,  was  even  better  than 
Ethereal,  and  includes  a  higher  level 
of  support  than  either  of  them. 
Overall,  I  found  Observer  to  be  the 
best  value." 

Ingram  purchased  Observer 
technology,  including  a  probe  he 
placed  on  the  WAN  backbone  to 
troubleshoot  VoIP.  In  one  case, 
Ingram  used  Observer  to  troubleshoot 
erratic  jitter  that  was  occurring 
between  his  office  and  another  office. 
He  couldn't  hear  the  problem  on  his 


end  so  he  ran  a  packet  capture  and 
played  it  back  to  hear  the  problem. 
Not  only  did  Observer  help  him 
verify  that  there  was  a  prob  em,  it 
also  lead  him  to  the  so  ution. 
A  packet  capture  identified  a 
misconfigured  application  that  was 
hogging  bandwidth  and  causing 
a  general  network  slowdown. 

"Armed  with  the  information 
provided  by  Observer,  I  was  able 
to  reconfigure  the  misbehaving 
application,"  Ingram  said.  "I  also 
defined  a  QoS  policy  on  the  switch  to 
give  VoIP  traffic  the  highest  priority, 
tnereby  preventing  other  applications 
from  compromising  VoIP  reliability." 

As  long  as  VoIP  traffic  has  priority  on 
the  network,  communication  problems 
are  minimized,  allowing  Cl  Travel  to 
maintain  its  independence  from  the 
traditional  phone  system. 

"So  far,  Observer's  VoIP  capabilities 
has  helped  cut  Cl  Travel's  pnone  bill 
by  about  25  to  30  percent,"  Ingram  said. 


Observer  is  the  only  fully  distributed  network  analyzer  built  to  monitor  the  entire  network  (LAN,  802.1 1  a/b/g,  Gigabit,  WAN). 
Download  a  free  Observer  11  demonstration  today.  Visit  www.networkinstruments.com/analyze  to  learn  more. 

US  &  Canada  toll  free  800-526-5958  fax  952-358-3801  UK  &  Europe  +44(0)1959  569880 
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UltraMatrix™ 

Remote 


KVM  OVER  IP 


MATRIX  KVM  SWITCH  WITH 
INTEGRATED  REMOTE  ACCESS  OVER  IP 

System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 

RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


UltraMatrix™ 

E-series 

KVM  SWITCH 


PR0FESSI0NAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  i 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand  . 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as  .  \i 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16,  .  1 

4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform.  / 


XtendVue 

Vertical  Rack  mountable  LCD 
With  Built-in  KVM  Extender 


RackView 

Fold-Forward 


RackView 

Fold-Back 
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LCD  Monitor 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+  44  (0)  1264  850574 
+65  6324  2322 
+  617  3388  1540 


800-333-9343 

WWW.ROSE.COM 


i(|\ROSI 

xT^ELECTROMIC; 


RackView  • 
.  keyt>&rd/ 


MARKETPLACE 


\r 


TAP  Into  Your  Network 


Only  a  TAP  can  provide  a  complete  copy  of  data  from  full-duplex  links  at  line  rate  for 
monitoring  devices.  Without  a  TAP,  a  monitoring  device  may  be  fed  incomplete  and 
misleading  information-creating  false  positives  and  overlooking  network  problems 
that  actually  do  exist.  Visit  www.networkTAPs.com/visibility  today. 


Copper nTAPs 

10/100 . $395 

10/100/1000 . ,$9#.....$795 


Copper  to  Optical 
Conversion  nTAPs 

SX  or  LX . $1,495 

Optical  nTAPs 

One-Channel . $39$\...$295 

Two-Channel . $79tf....$575 

Three-Channel  ....$'U4^....$845 


To  learn  more  about  how  nTAPs  can  boost  your  network  visibility,  which  configuration  option 
is  best  for  you,  and  to  check  out  new  pricing  go  to  www.networkTAPs.com/visibility 
or  call  866-GET-/rTAP  today.  Free  overnight  delivery* 


m.  ce 


*Free  overnight  delivery  on  all  U.S.  orders  over  $295  confirmed  before  12  p.m.  Central  Time. 
nTAP  and  all  associated  logos  are  trademarks  or  registered  trademarks  of  Network  Instruments,  LLC. 
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Terminal  server  vendors,  who  proclaim  that 
they  have  Secore  Out  Of  Band  products,  rely 
on  RADIUS,  TACACS+  and  other  in-band 
protocols  to  provide  security.  By  inference, 
they  imply  they  secure  out  ot  hand  access 
when,  in  fact,  they  otter  only  network  security, 
which  conflicts  with  out  of  band  access. 


A  true  Secure  Out  of  Band  Management 
solution  should  provide  strong  security  without 
reliance  upon  network-based  protocols. 


CDI  offers: 


r-«  Hardware  encryption  over  dial-up 
and  network  connections 
r1-*  RSA  certified  SecurlD  authentication 
without  a  network. 
r1-*  Patented  central  management  of  all 
remote  devices 


Full  NIST,  FIPS  140-2  certifications  «-n 
Remote  Power  control  •-n 


Homologous  world-wide  approved  •-n 
internal  modems 


CDI  has  been  building  encryption  equipment  for  over  fifteen  years.  Our  customers  and  partners  include 
major  financial  institutions,  government  agencies,  major  telcos,  utilities,  and  the  United  States  military. 


Communication  Devices  Inc. 
www.outofbandmanagement.com 
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For  further  information  on  network  IT  products  and  solutions 
from  these  companies  and  more,  check  out  vendor  solutions  - 

www.networkworld.com/vendorsolutions 
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►  White  Papers 

►  Special  Reports 

►  Partner  Sites 

►  Webcasts 

►  Marketplace  Product  Finder 
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NETbUPPGRT 

□  N 

Complete  Enterprise  Asset  Management 

made  easy 


Do  you  know  where  your  oldest  computer  is?  Need  to  locate  and  upgrade  your  Windows  98 
systems?  Are  you  overpaying  on  unused  software  licenses?  Which  employees  are  spending  the 
most  time  surfing  the  web?  Find  out  fast  with  NetSupport  DNA. 

Managing  your  company's  IT  assets  means  more  than  just  selection  and  maintenance. 
Reporting,  inventory,  deployment  and  forecasting  are  also  part  of  the  job.  NetSupport  DNA  is 
an  easy  to  use  IT  asset  management  solution  that  provides  you  with  the  tools  you  need  to  get 
to  know  your  network. 

Unlike  other  solutions,  NetSupport  DNA  does  not  require  certified  training  or  have  a  complex 
implementation  path.  It  offers  all  of  the  functionality  you'd  expect  from  an  award  winning 
asset  management  suite,  but  with  only  a  30  minute  implementation  path. 

NetSupport  DNA  combines  powerful  hardware  and  software  inventory  with  software 
distribution,  application  and  internet  metering,  pc  remote  control,  enterprise  reporting  and  a 
web-based  help  desk  solution. 

Visit  www.netsupportdna.com  and  download  a  full  trial  license  today. 

And  in  30  minutes  start  viewing  your  vital  Asset  Information. 


sales@netsupport-inc.com 


1-770-205-4456 


www.netsupportdna.com 


Register  Today! 

www.networkworld.com/RM6CF1 
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OLPC 

continued  from  page  1 

the  project  seeks  to  develop  a 
$100  laptop  computer  for  use  by 
children  in  their  studies.The 
machine,  targeted  at  children  in 
developing  nations,  will  be 
offered  in  bulk  to  governments 
and  other  organizations. 

The  prototype’s  arrival  in  the 
United  States  from  Taiwan  early 
this  month  represented  a  mile¬ 
stone.  However,  the  project  is 
running  late,  and  several  obsta¬ 
cles  remain  before  computers 
get  into  kids’  hands.  (And  we’re 
not  even  talking  about  Micro¬ 


soft’s  Bill  Gates  recently  irking 
Negroponte  by  publicly  mocking 
the  $100  laptop  idea.) 

The  price  of  materials  is  one 
issue.The  computer  will  use  en¬ 
ergy-saving  flash  memory  in 
place  of  a  hard-disk  drive. 
Negroponte  originally  called  for 
1GB  of  memory,  but  this  has 
been  cut  in  half.  Analysts  were 
skeptical  that  the  team  could 
afford  1GB  of  memory,  given  the 
machine’s  target  price. 

“I  guess  they  were  right,”  says 
Walter  Bender,  president  of  soft¬ 
ware  and  content  at  OLPC. 
Bender  joined  the  project  earlier 
this  year  after  serving  as  execu¬ 
tive  director  of  MFCs  Media  Lab 
from  September  2000  until 
January  2006. 
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The  project,  which  has  changed 
its  name  to  de-emphasize  the 
$100  target  price,  says  it  expects 
the  initial  machines  will  cost 
about  $130  and  will  come  down 
to  about  $80  in  a  few  years. 

Other  changes  include  a  cut  in 
processor  performance.  Initially 
the  units  were  to  feature  a  500- 
MHz  Geode  processor  from  proj¬ 
ect  supporter  Advanced  Micro 
Devices  (AMD),  but  the  current 
specification  calls  for  a  400-MHz 
chip.  Bender  says  this  slower  chip 
was  easier  to  obtain  in  quantity. 

Perhaps  the  most  significant 
change  is  in  the  screen.  A  projec¬ 
tion  screen  was  to  have  been 


used  but  a  type  of  LCD  still 
under  development  that  can  be 
switched  between  a  low- 
resolution  color  mode  and  high- 
resolution  monochrome  mode  is 
planned.  Bender  says  the  new 
screen  will  be  “kick-ass,  cheap, 
superefficient  and  beautiful.” 

Getting  the  low-cost  laptop  into 
the  hands  of  kids  in  developing 
countries  won’t  mean  anything 
unless  the  machine  can  be  pow¬ 
ered. That  could  be  a  problem  in 
remote  villages  where  not  every 
home  has  electricity  The  current 
design  calls  for  the  laptop  to 
have  a  conventional  power  jack. 

If  a  home  has  electricity  it  can 
be  connected  via  an  adapter,  like 
a  normal  laptop,  but  if  there’s  no 
power  supply  it  can  be  hooked- 
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The  One  Laptop  Per  Child  project 
has  explored  a  number  of  laptop 
models,  including  one  with  a  hand 
crank  to  generate  power. 

up  to  an  alternative  energy 
source. This  could  be  a  hand- 
crank  or  foot-operated  generator 
or  something  like  a  solar  panel 
array  Bender  says. 

A  year  ago,  Negroponte  said 
he  expected  to  receive  the  first 
order  in  June  2005  and  to  have 
gathered  orders  for  about  6  mil¬ 
lion  machines  by  the  end  of 
that  year.  But  the  OLPC  is  not 
officially  accepting  orders  until 
it  has  completed  development 
of  the  prototype  and  set  pro¬ 


duction  plans,  Bender  says. 

Bender  recently  showed  the 
board  in  Cambridge,  Mass.,  run¬ 
ning  a  version  of  Red  Hat’s 
Fedora  Linux.“What  you’re  seeing 
is  close  to  the  final  design,”  he 
says.“Very  little  is  going  to  change 
on  this  board.” 

He  expects  to  finalize  the  de¬ 
sign  late  this  year,  and  to  begin 
production  in  the  first  quarter  of 
2007.  A  year  ago,  Negroponte  said 
production  would  begin  in  2006. 

Still,  the  arrival  of  the  first  proto¬ 
type,  the  product  of  several 
months  of  work  by  Quanta  Com¬ 
puter,  marks  a  strong  step  forward 
for  a  project  that  many  doubted 
would  make  it  this  far. 

The  Taiwanese  company  is  the 
world’s  largest  maker  of  laptop 
computers  and  one  of  a  number 
of  supporters  that  has  pledged 
to  assist  OLPC. 

Other  supporting  companies 
include  AMD,  Brightstar,  Google, 
News  Corp.,  Nortel  and  Red  Hat, 


and  wireless  network  chip 
maker  Marvell  Technology 
Group  recently  joined  the  list. 
Marvell  will  work  on  Wi-Fi  net¬ 
working  for  the  computer. 

OLPC  isn’t  the  first  effort  to 
make  computers  significantly  less 
expensive.  Oracle,  Sun  and  others 
have  pushed  the  thin-client  con¬ 
cept,  and  recently  Intel  partnered 
with  a  Mexican  telecom  com¬ 
pany  to  get  inexpensive  PCs  into 
the  hands  of  first-time  computer 
users  in  developing  countries 
(www.nwdocfinder.com/356 1 ) .  ■ 
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■  Got  a  suggestion  for  a  Wider  Net 
story?  An  offbeat  network  industry- 
related  topic?  A  fascinating  person¬ 
ality  we  should  profile?  Contact 
Bob  Brown  with  your  ideas  at 
bbrown@nww.coin. 


Start-up  Jitterbit  to  debut 
application  integration  engine 


BY  ANN  BEDNARZ 

Open  source  software  maker  Jitterbit  this  week  is 
expected  to  unveil  its  first  products,  which  are  aimed 
at  helping  small  and  midsize  busi¬ 
nesses  tackle  application  integra¬ 
tion  projects  without  the  cost  and 
complexity  associated  with  top-of- 
the-line  integration  engines. 

Jitterbit’s  software  is  geared  for 
moderately  complex  projects, 
such  as  point-to-point  integration, 
flat  file  exchange  or  database  syn¬ 
chronization.  For  projects  such  as 
these,  many  SMBs  balk  at  the  cost 
of  a  fully  loaded  integration  plat¬ 
form  from  vendors  such  as  IBM, 

Tibco  and  webMethods.  Instead 
they  resort  to  custom-coding  links  between  systems, 
says  Sharam  Sasson,  president  and  CEO  of  Jitterbit. 
The  company  offers  a  simple  alternative  that  doesn’t 
require  custom  coding,  he  says. 

Two  versions  are  available.  Companies  can  down¬ 
load  Jitterbit  Community  Edition  1.0  for  free.  Jitterbit 
Professional  Edition  1.0  costs  $10,000  per  server,  per 
year,  and  includes  product  support,  maintenance, 
training  and  development  services.  Both  versions 
run  on  Windows  and  Linux  and  support  transport 
protocols  including  Secure-HTTPFTPSimple  Object 
Access  Protocol  and  Open  Database  Connectivity 

Connection  information  —  such  as  data  types 
—  is  stored  in  a  metadata  repository,  which  docu¬ 
ments  relationships  between  components  being 
tied  together.  These  integration  profiles  can  be 
saved  as  Jitterpaks  —  the  vendor’s  name  for  pre¬ 


defined  integration  packages  that  users  can  share 
with  colleagues,  business  partners  and  the 
Jitterbit  community.  A  Jitterpak  might  detail  con¬ 
nections  to  an  online  market¬ 
place  such  as  Amazon.com,  or  a 
CRM  application  such  as 
Salesforce.com,  for  example,  to 
give  companies  a  head  start 
building  links  to  these  systems. 

Privately  held  Jitterbit  has 
10  employees.  It’s  self-funded  so 
far,  says  Sasson,  who  founded  the 
company  in  December  2003. 
Sasson  previously  founded 
Extensity,  which  makes  financial 
performance  management  soft¬ 
ware  (and  today  is  a  Golden  Gate 
Capital  company).  He  also  co-founded  CRM  ven¬ 
dor  Scopus  Technology  in  1991. 

Among  Jitterbit’s  early  customers  are  surgical  gar¬ 
ment  manufacturer  Marena  Group  in  Lawrence- 
ville,  Ga.,  which  uses  Jitterbit  to  bring  product 
orders  received  from  partner  systems  into  its  own 
ERP  system;  and  real  estate  investment  trust 
General  Growth  Properties  in  Chicago,  which  uses 
the  software  to  link  its  ERP  system  with  bank  sys¬ 
tems  and  other  data  sources. 

Jitterbit  isn’t  the  only  vendor  eyeing  the  integration 
middle  ground.  Cast  Iron  Systems  earlier  this  month 
released  two  versions  of  its  integration  appliances, 
which  also  are  designed  for  projects  that  require  sim¬ 
ple  application  connections  and  data  transforma¬ 
tions.  Cast  Iron  offers  lease  pricing  for  its  iASOOO 
appliances  starting  at  $4,000  per  month.  0 


Integration  tally 

Companies  worldwide  spent 
$6.4  billion  on  application 
integration  platforms  and 
middleware  in  2005,  according 
to  Gartner.The  research  firm 
expects  the  market  to  hit 

$7.3  billion 

in  2010. 


The  new  screen  will  be  “kick-ass, 
cheap,  superefficient  and  beautiful.” 

Walter  Bender,  president  of  software  and  content,  OLPC 
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BACKSPIN  Mark  Gibbs 

ICANN,  crashed  in  the  cranium 


“Anybody  who  thinks  [the 
.xxx  domain]  would  help 
parents  protect  kids  from 
porn  on  the  Internet  has 
crashed  in  the  cranium.” 

—  Jan  LaRue,  chief  counsel  for  Concerned  Women  for 
America,  quoted  in  Baptist  Press  News 

The  Internet  Corporation  for  Assigned  Names  and 
Numbers,  which  oversees  Internet  domain  names,  last 
June  was  ready  to  give  the  .xxx  global  top-level 
domain  (gTLD)  the  go-ahead,  but  on  May  10  this  year 
it  changed  its  mind. 

LaRue,  the  purveyor  of  unusual  metaphors  quoted 
above,  is  quite  correct  that  the  recently  rejected  .xxx 
domain  would  do  nothing  to  help  parents  keep  chil¬ 
dren  away  from  porn  on  the  Internet.  In  fact,  if  ap¬ 
proved  the  proposed  .xxx  gTLD  would  do  nothing  at 
all  for  anyone,  with  the  notable  exception  of  an  outfit 
called  ICM  Registry. 

ICM  is  the  company  that  came  up  with  the  idea  of  the 
.xxx  domain.  If  the  domain  had  received  the  go-ahead, 
ICM  would  have  been  the  sole  registrar,  a  role  that  would 
have  generated  a  lot  of  money  for  it. 

ICM  s  arguments  for  the  .xxx  domain  were  that  it 
would  make  it  much  easier  to  find  and  filter  out  online 


pornography.  It  doesn’t  seem  possible  finding  pornog¬ 
raphy  on  the  Internet  could  be  much  easier,  so  we  can 
ignore  that  one. 

So,  what  about  filtering?  Sure,  .xxx  domains  could  be 
easily  filtered  if  users  blacklisted  the  domain,  but  porn 
would  still  appear  in  other  domains. 

ICM’s  arguments  for  .xxx  were  flawed,  but  most  argu¬ 
ments  against  it  were  equally  specious.  Organizations 
such  as  the  Family  Research  Council  claimed  that  allocat¬ 
ing  a  domain  for  pornography  “would  simply  have  the 
effect  of  legitimizing  much  material  that  is  likely  illegal,”  a 
stunningly  silly  argument. 

ICM  is  annoyed,  to  say  the  least,  and  Stuart  Lawley  chair¬ 
man  and  president  of  ICM,  is  asking  ICANN  for  an  expla¬ 
nation.  Lawley  complained:“We’ve  spent  nearly  six  years 
and  $3  million  on  this.  We  have  followed  the  rules  and 
have  been  told  that  we’ve  got  through  at  various  stages. . . . 
There  are  a  variety  of  routes  for  us  to  go  down,  and  we  are 
considering  all  our  options.” 

Translation:  We’re  thinking  about  suing  ICANN. 

From  this  you  might  think  that  allocating  a  new  gTLD 
to  be  administered  by  a  single  registrar  is  not  an  option. 
Well, you  would  be  wrong,  because  at  the  same  ICANN 
meeting  where  the  board  turned  down  .xxx,  it  approved 
the  establishment  of  a  .tel  gTLD  to  be  administered  by  a 
single  registrar, TelNIC. 


The  transcript  of  the  ICANN  meeting  wherein  .xxx  was 
voted  down  while  .tel  was  approved  can  be  found  at 
www.nwdocfinder.com/3564.What  is  particularly  reveal¬ 
ing  is  the  lack  of  transparency,  as  all  of  the  discussions  sur¬ 
rounding  the  decisions  are  off  the  record. 

Many  are  claiming  that  ICANN’s  decisions  were  politi¬ 
cally  driven,  which  is  disputed  by  many  board  members. 
That  said,  it  certainly  is  strange  that  as  of  March, Vint  Cerf, 
chairman  of  ICANN,  was  widely  reported  to  be  in  favor 
of  .xxx.  I  suspect  we  are  unlikely  to  find  out  what 
changed  his  mind. 

What  should  concern  us  is  that  it  is  impossible  for 
ICANN  not  to  be  the  center  of  a  storm  of  politics, yet 
the  board  apparently  doesn’t  understand  it  has  to  rise 
above  that.  Without  transparency  and  evenhandedness, 
the  board  dooms  ICANN  and  America’s  role  in  Internet 
governance,  which  could  eventually  be  interpreted  as 
being  so  politicized  and  unfair  that  the  rest  of  the 
world  might  take  over  Internet  management  forcibly. 
The  result  easily  could  be  worse  governance  than 
ICANN  is  providing. 

So,  Cerf  and  other  board  members,  let  me  ask  you:  Is  this 
how  you  want  history  to  remember  you,  as  the  guys  who 
screwed  up  Internet  governance?  Feel  free  to  respond  to 
backspin@gibbs.com  or  post  your  comments  on  Gibbsblog. 
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News,  insights  and  oddities 


Google  beats  porn  . . .  but  not  sex. 


Paul  McNamara 


And  Yahoo  beats  all  three  of  them.  In  fact,  the  word 
Yahoo  apparently  is  the  undefeated  heavyweight  champ 
of  Google  search  terms  —  search  terms,  not  search 
engines  —  according  to  no  less  an  authority  than  a  new  feature  from  Google  called 
GoogleTrends.The  acronym  MSN  kicks  butt,  too,  so  much  so  that  the  term  oddly  out¬ 
ranks  the  name  of  a  little  company  called  Microsoft. 

All  of  which  leads  me  to  conclude  that  there  is  either  a  screw  loose  in  GoogleTrends 
or  a  logical  explanation  for  these  unexpected  results  that  has  eluded  me  so  far. 
Google’s  answer  below  leaves  me  unsatisfied,  but  perhaps  you'll  judge  it  differently. 

Google  has  a  hard  time  convincing  me  that  more  people  intentionally  use  Google  to 
search  on  the  search-engine  names  Yahoo  and  Google  than  on  any  other  common  word 
or  moniker.  Go  ahead  and  give  it  a  shot  at  www.google.com/trends.  I'll  even  save  you 
the  time  of  trying  these  words  vs.  the  words  Yahoo  or  Google: 

Care  to  start  with  names  and  events  in  the  news?The  words  Yahoo  and  Google  gar¬ 
ner  more  search  queries  than  the  words  Bush,  Cheney,  Iraq,  war,  Britney  Spears, 
American  Idol  or  Cruise  —  the  latter  even  though  GoogleTrends  acknowledges  it  can¬ 
not  differentiate  between  requests  for  an  actor,  a  missile  or  a  floating  buffet. 

Common  words  and  terms?  Yahoo  and  Google  each  blows  away  mortgage,  food,  beer, 
weight,  clothes,  oil,  car,  gas  prices,  phone,  cancer,  heart,  AIDS,  love  and  marriage. 

Maybe  something  from  our  sports-obsessed  culture?That  would  be  tough  luck  for 
Tiger  Woods,  golf,  baseball,  soccer,  basketball  and  football. 

How  about  business?  It's  not  worth  listing  all  the  less-than-worthies:  IBM,  AOL  and 
Wal-Mart.  As  noted  earlier,  the  word  Yahoo  has  croaked  the  word  Microsoft  uninter¬ 
rupted  since  2003  —  the  earliest  data  provided.  But  Microsoft  stayed  neck  and  neck 
with  Google  through  2004  —  today  it’s  no  contest.  (Curiously,  the  word  MySpace  looks 
to  be  gaining  ground  on  both  the  search  giants  at  a  rather  rapid  clip,  although  one  of 
the  limitations  of  GoogleTrends  is  that  you  don't  get  detail  on  the  raw  numbers.) 

Religion?  Say  a  prayer  for  the  words  church,  bible,  pope,  god,  Jesus  Christ  and  Islam, 


because  not  one  can  hold  a  novena  candle  to  the  search-engine  names  in  terms  of 
worldwide  search  popularity,  according  to  GoogleTrends. 

So  what  does  Google  have  to  say? 

“I  don’t  think  there's  anything  specific  about  search-engine  queries  that  would  skew 
the  results.  However,  one  thing  to  keep  in  mind  is  that  every  part  of  a  search  query  is 
counted  in  GoogleTrends  results,”  says  company  spokeswoman  Sonya  Boralv.  "For 
example,  searches  for  Google,  Google  Video,  and  Google  Maps  would  all  count 
toward  results  for  Google.This  fact  may  help  account  for  results  for  popular  terms 
such  as  search  engines." 

Maybe  a  little,  but  nowhere  near  enough.  Here's  another  way  to  phrase  what  Google 
is  asking  us  to  accept: 

The  number  of  Google  searches  for  the  word  Yahoo  plus  all  the  phrases  and  strings 
that  contain  the  word  Yahoo  exceed  the  number  of  Google  searches  for  the  word  sex 
plus  all  the  phrases  and  strings  that  contain  the  word  sex.  (Not  to  mention  Google  and 
all  the  phrases  and  strings  that  contain  the  word  Google.) 

In  other  words,  if  the  GoogleTrend  results  do  reflect  reality,  the  world  of  Google 
searchers  would  seem  to  care  more  about  Yahoo  than  it  does  Google  ...  or  sex. 

And  we  know  that  neither  is  true  . . .  don’t  we? 

Which  leaves  us  little  more  than  room  for  speculation. 

One  possibility  —  a  distinct  one  —  would  be  that  it's  me  who  has  the  screw  loose  and 
this  data  indeed  does  represent  exactly  what  it  appears  to  represent:  an  overriding 
interest  on  the  part  of  Google  searchers  in  everything  related  to  search  engines. 

Another  possibility  could  be  that  the  results  returned  by  GoogleTrends  for  the  terms 
Yahoo,  Google  and  MSN  are  actually  measuring  something  else,  or  at  least  something 
more.  What  else?  What  more?  Mass  confusion?  Some  kind  of  search-related  racket? 
Your  guess  has  to  be  better  than  mine. 

Please  share.  The  address  is  buzz@nww.com. 
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Take  cost  out  of  your  business  and  increase  productivity. 

No  matter  where  you  do  business. 


The  Brother  Advantage 

Comprehensive  selection 
Increased  productivity 
^  Lower  acquisition  costs 
>-  Reduced  consumable  costs 
24/7/365  support  and  service 
Free  evaluation  program 
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Brother  Printer,  Fax  and  Multi-Function  Center®  models  - 
designed  to  increase  productivity  while  decreasing  overhead. 


Considering  that  over  94%  of  Fortune  1000  company  employees  work  outside 
corporate  headquarters*,  equipping  them  with  a  cost-effective  solution  is,  to 
say  the  least,  a  major  challenge. 

That's  why  Brother's  Commercial  Division  is  committed  to  providing  superior 
and  reliable  imaging  solutions  that  increase  productivity  while  reducing  costs. 
This  enables  businesses  like  yours  to  effectively  address  critical  organizational 
goals  and  challenges. 


Mobile  Printing  Solutions  Labeling  Solutions 


Desktop  User  Solutions  Color  User  Solutions 


But  it  is  our  product  reliability,  coupled  with  a  responsive  nationwide  support 
and  service  network,  that  has  companies  like  yours  putting  Brother  at  the  top 
of  their  requisition  lists. 

Brother's  Commercial  Division  welcomes  the  opportunity  to  put  our  resources 
to  work  for  you.  Contact  us  today  so  we  can  show  you  how  we  can  positively 
impact  your  bottom  line  while  enhancing  your  performance. 


Network  Printer  Solutions  Fax  Solutions 


For  more  information,  call  1-866-455-7713. 

^Purchase  Influence  in  Larger  American  Businesses  (Erdos  &  Morgan,  2001). 
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For  more  information  visit  our  Web  site  at  www.brother.com 


Spam,  Spyware,  IM,  and  Virus  protection  at  an  affordable  price. 


•  No  per  user  license  fees 

•  Prices  starting  at  $1399 

•  Powerful,  enterprise-class  solution 


Barracuda  Spam,  Spyware  and  IM  Firewalls 
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POWERFUL 


EASY  TO  USE 


AFFORDABLE 


Aggressive  reseller  program  available.  Get  more  info  by  visiting 
www.barracudanetworks.com/nww  or  (888-ANTI-SPAM) 


